How did it get to this? Project risk versus company liability

Disclosure: Tim Procter worked in Arup’s Melbourne office from 2008 until 2016.Shortly after Christmas a number of media outlets reported that tier one engineering consulting firm Arup had settled a major court case related to traffic forecasting services they provided for planning Brisbane’s Airport Link tunnel tollway. The Airport Link consortium sued Arup in 2014, when traffic volumes seven months after opening were less than 30% of that predicted. Over $2.2b in damages were sought; the settlement is reportedly more than $100m. Numerous other traffic forecasters on major Australian toll road projects have also faced litigation over traffic volumes drastically lower than those predicted prior to road openings.Studies and reviews have proposed various reasons for the large gaps between these predicted and actual traffic volumes on these projects. Suggested factors have included optimism bias by traffic forecasters, pressure by construction consortia for their traffic consultants to present best case scenarios in the consortia’s bids, and perverse incentives for traffic forecasters to increase the likelihood of projects proceeding past the feasibility stage with the goal of further engagements on the project.Of course, some modelling assumptions considered sound might simply turn out to be wrong – however, Arup’s lead traffic forecaster agreeing with the plaintiff’s lead counsel that the Airport Link traffic model was “totally and utterly absurd”, and that “no reasonable traffic forecaster would ever prepare” such a model indicates that something more significant than incorrect assumptions were to blame.Regardless, the presence of any one of these reasons would betray a fundamental misunderstanding of context by traffic forecasters. This misunderstanding involves the difference between risk and criticality, and how these two concepts must be addressed in projects and business.In Australia risk is most often thought of as the simultaneous appreciation of likelihood and consequence for a particular potential event. In business contexts the ‘consequence’ of an event may be positive or negative; that is, a potential event may lead to better or worse outcomes for the venture (for example, a gain or loss on an investment).In project contexts these potential consequences are mostly negative, as the majority of the positive events associated with the project are assumed to occur. From a client’s point of view these are the deliverables (infrastructure, content, services etc.) For a consultant such as a traffic forecaster the key positive event assumed is their fee (although they may consider the potential to make a smaller profit than expected).Likelihoods are then attached to these potential consequences to give a consistent prioritisation framework for resource allocation, normally known as a risk matrix. However, this approach does contain a blind spot. High consequence events (e.g. client litigation for negligence) are by their nature rare. If they were common it is unlikely many consultants would be in business at all. In general, the higher the potential consequence, the lower the likelihood.This means that potentially catastrophic events may be pushed down the priority list, as their risk (i.e. likelihood and consequence) level is low. And, although it may be very unlikely, small projects undertaken by small teams in large consulting firms may have the potential to severely impact the entire company. Traffic forecasting for proposed toll roads appears to be a case in point. As a proportion of income for a multinational engineering firm it may be minor, but from a liability perspective it is demonstrably critical, regardless of likelihood.There are a range of options available to organisations that wish to address these critical issues. For instance, a board may decide that if they wish to tender for a project that could credibly result in litigation for more than the organisation could afford, the project will not proceed unless the potential losses are lowered. This may be achieved by, for example, forming a joint venture with another organisation to share the risk of the tender.Identifying these critical issues, of course, relies on pre-tender reviews. These reviews must not only be done in the context of the project, but of the organisation as a whole. From a project perspective, spending more on delivering the project than will be received in fees (i.e. making a loss) would be considered critical. For the Board of a large organisation, a small number of loss-making projects each year may be considered likely, and, to an extent, tolerable. But the Board would likely consider a project with a credible chance, no matter how unlikely, of forcing the company into administration as unacceptable.This highlights the different perspectives at the various levels of large organisations, and the importance of clear communication of each of their requirements and responsibilities. If these paradigms are not understood and considered for each project tender, more companies may find themselves in positions they did not expect.Also published on:https://sourceable.net/how-did-it-get-to-this-project-risk-vs-company-liability/

Read More

The Art of Communicating Engineering Judgement

Tim Procter shares his experience as a graduate engineer developing engineering judgement and his approach to communicating this knowledge to various stakeholders. This article was originally published at Engineering Education Australia.

As a graduate engineer (some years ago) moving from university to the workplace I was surprised to discover just how vast and varied engineering knowledge actually is. After completing an intensive degree and gaining what felt like a good understanding of engineering fundamentals, it came as something of a surprise to realise that becoming expert in just one engineering sub-sub-discipline could truly take a lifetime.

Science fiction legend, Arthur C. Clarke noted that any sufficiently advanced technology is indistinguishable from magic. To the qualified but inexperienced engineer that I was, a senior engineer discussing advanced engineering knowledge appeared quite the same; the outputs were comprehensible, but not their derivation. Such knowledge was generally referred to as demonstrating ‘engineering judgement’.

Engineering judgement is used when making a decision. It involves an engineer weighing up, in their own mind, the pros and cons of the potential courses of action being considered. This process may be formal, intuitive or deliberate or, in most cases, an intricate combination of the three.

As a graduate I regarded this engineering judgement with a sense of awe, as I considered the years of experience my seniors wielded when pronouncing how the engineered world should be. Surely, I thought, one day in the (distant) future my engineering judgement will arrive. And then I too will have the knowledge!

Oddly enough, I found personal development tends not to work this way. My engineering judgement gradually developed with my experience as I dealt with problems of greater complexity. I discovered that I understood the decision required, the options available, and the best course of action, but the act of explaining the decision was often more difficult than simply knowing the answer.

This knowing/telling paradox gives a clue as to the source of my graduate self’s confusion and awe of my senior colleagues’ wisdom. While the best solution may have been found, a problem persists; sometimes this judgement must be explained to a non-technical layperson, including graduate engineers.

Explaining engineering judgement to non-technical persons happens in a range of contexts – financial, managerial, corporate, governmental, legal, and the wider community. It is especially important for these stakeholders to understand the decision-making processes when dealing with safety, the environment, project management, operations and a whole host of other engineering considerations. This means that engineering jargon and equations will often work against the goal of communication.

The most effective approach I have found to communicate engineering judgement is to explain the options considered, their gradual exclusion, and the specific reasons each excluded option was considered unsuitable. It requires a clear explanation of critical success factors and how each option supports or hinders each of these goals. This best reflects the engineering process, where much of the time the ‘best’ option is actually the ‘least worst’ option, given the constraints it must meet and the corresponding trade-offs in time, cost, quality, and efficiency.

I find this process is generally understood by non-technical persons and helps prompt structured and useful questions from listeners: Why was this option not appropriate? How were the specific benefits of this option considered? This provides a good enquiry framework for engineering graduates and others to both understand and develop their own engineering judgement.

It is critical for graduates to develop their engineering judgement and the ability to communicate it. It brings confidence to both the engineer and their stakeholders, as each better understands the others’ needs and decisions. It is, in many ways, the single most important skill I have developed in my career, and something that each day I practise, in both senses of the word.

My advice for graduates is to take any opportunity to do the same. Make your best decisions for the problems you face, and then discuss your judgements with your managers, mentors and teammates. And when more complex engineering problems arise you’ll be able to not only solve them but also explain them. And that’s something that every engineer should be able to do.

Also published at:

https://eea.org.au/insights-articles/art-communicating-engineering-judgement

https://frontier.engineersaustralia.org.au/news/the-art-of-communicating-engineering-judgement/

Read More

2017: The Year in Review

It’s hard to believe that 2017 is coming to a close and 2018 is almost here. As part of our end of year wrap up, here are some of the highlights that we would like to share with you.

In February R2A together with the Victorian Bar had the pleasure of presenting Cambridge Reader in Law and former British MP, Professor David Howarth for a special session, co-chaired by the Victorian Bar and Engineers Australia, exploring his latest book, Law as Engineering.

Professor Howarth’s essential point in his book is that these days most lawyers don’t litigate. Rather, they design social constructs such as contracts, companies, treaties and wills to facilitate their clients’ wishes. This is similar to how engineers design physical constructs to satisfy their clients’ desires.

David’s event sparked useful and interesting discussions between the engineering and legal professions.

Gaye's role on the Powerline Bushfire Safety Committee continued this year. Gaye’s role is to provide risk management and best practice advice.

We were privileged to work with many clients throughout the year. Here are a few of the interesting projects completed during the year.

INTERESTING PROJECTS

Bicycle Access Management Review. Earlier this year R2A assisted Queensland’s Department of Transport and Main Roads (TMR) with the development, testing and implementation of a risk assessment methodology for bicycle access management. Following a series of information-gathering tasks, R2A developed a proposed SFAIRP[1] decision-making process for bicycle access management on state-controlled roads. TMR is currently preparing a supporting policy for state-wide implementation.

Asset Risk Management Framework Review. R2A completed a review to develop an asset safety risk management framework consistent with the requirements of the Work Health and Safety Act (WHS) 2012, the TasNetworks Risk Management Framework (2015) and the TasNetworks Asset Management Plan (2015) whilst simultaneously taking into account the requirements of Tasmania’s electricity safety regulator (the Department of Justice) and the national electricity economic regulator (the AER).

Gold Coast Desalination Plant Access Review. R2A undertook a commission to conduct a safety due diligence review of the Gold Coast Desalination Plant access arrangements to the high-pressure areas whilst the plant is producing water.

State Emergency Risk Assessment Review. This project was undertaken to confirm the appropriateness of the State’s priority emergency risks, the controls in place and their effectiveness as well as and if required revise the risk characterisation in line with the updated National Emergency Risk Assessment Guidelines (NERAG) 2014.

Rail Project Business Case Reviews. R2A completed a number of business case reviews were this year for PTV and Trasport for Victoria, including the Safer Country Crossings and DDA Access Improvements Programs.

Plant and Equipment Review. R2A were engaged by DEDJTR to review its plant and equipment safety management systems at 8 key Department research farms. This provided a basis for a larger Department program to enhance its safe and efficient management of physical assets.

Fire Loss Risk Methodology Review. The purpose of R2A’s review was to ‘test’ the proposed methodology and to provide advice as to its effectiveness or otherwise of demonstrating ‘as far as practicable’ in the management of bushfire risk, particularly with regard to the question of disproportionality.

The Grimes Review

On 19 January 2017, the Minister for Energy, Environment and Climate Change announced an independent review of Victoria’s Electricity Network Safety Framework, to be chaired by Dr Paul Grimes. On 5 May 2017, the Minister announced an expansion to the Review’s Terms of Reference to include Victoria’s gas network safety framework. R2A provided submissions for both gas and electrical safety, and met with Dr Grimes twice.

Pleasingly, from R2A’s perspective, the recommendation in the interim report stated that the decision-making criteria for safety should be consistent with that of the 2004 OHS act, that is, a precautionary approach that uses the SFAIRP principle rather than an ALARP principle using target levels of risk.

In coming to this view Dr Grimes comments favourably on the R2A understanding of issues involved.

The final report is expected to be released early next year.

CONFERENCES

Earlier this year Tim presented at the Fire Australia Conference in Sydney on The Legal Context to QRA. Whilst Gaye presented her paper on How safe is safe enough? Effective Safety Frameworks at EECon in Melbourne. Richard also presented to two groups of marine pilots on pilotage safety due diligence at SmartShip.

We have availability for similar opportunities next year. Drop us a line if you have an event coming up.

MEDIA

Richard and Tim continued to write for Sourceable this year:

EDUCATION

From an education perspective, Richard delivered numerous public and in-house courses on Engineering Due Diligence as well as continuing to deliver the Swinburne post-graduate unit Introduction to Risk & Due Diligence with Gaye and Tim both presenting guest lectures.

The 2-day joint R2A/EEA engineering due diligence workshop was again successful this year and will continue in 2018. This workshop is aimed at aspiring directors and senior managers.

[1] “So far as is reasonably practicable”, as required by the 2011 Work Health and Safety Act.

Read More

Update on Victoria’s Energy Safety Framework Review

On 19 January 2017, the Minister for Energy, Environment and Climate Change announced an independent review of Victoria’s Electricity Network Safety Framework, to be chaired by Dr Paul Grimes. On 5 May 2017, the Minister announced an expansion to the Review's Terms of Reference to include Victoria’s gas network safety framework.The interim report was released in October and can be viewed at: https://engage.vic.gov.au/application/files/6915/0942/0613/Interim_Report_-_Review_of_Victorias_Electricity_and_Gas_Network_Safety_Framework.pdfR2A provided submissions for both gas and electrical safety which have previously been blogged at:

From R2A’s reading of the interim report, the primary recommendation is that there should be a single piece of energy safety legislation that covers electricity, gas and pipelines, all to be administered by a single agency, Energy Safe Victoria.Pleasingly, from R2A’s perspective, the decision making criteria for safety should be consistent with that of the 2004 OHS act, that is, a precautionary approach that uses the SFAIRP principle rather than an ALARP principle using target levels of risk.In coming to this view Dr Grimes comments favourably on the R2A understanding of issues involved. He notes that R2A in its submission to the Review expressed a view that there needs to be clarity and consistency around the question of what constitutes “ reasonably practicable ” and, in addition, the language that is adopted to express the objective of the safety framework.

Nevertheless, the methodological distinction between the target risk and a precaution based approaches, and the other important practical implications identified by R2A, are highly relevant to the Review’s consideration and have helped inform its assessment of leading practice. (footnote on page 72)

Dr Grimes concludes that:

The Review is persuaded by the arguments that a pure target risk approach, while having some theoretical elegance, is less robust in practice than a precaution - based approach…(page 73) … the Review is proposing a draft recommendation that this definition be formally adopted for electricity and gas network safety.

The R2A Board considers the adoption of the precaution based approach to be an outstanding outcome and congratulates Dr Grimes on his acuity.The cutoff date for comment on the interim report of the Review of Victoria’s Electricity and Gas Network Safety Framework is the 27th November.

Read More
Due Diligence Due Diligence

Should you attend the Engineering Due Diligence Workshop?

An introduction to the concept of Engineering Due Diligence

Engineering is the business of changing things, ostensibly for the better. The change aspect is not contentious. Who decides what’s ‘better’ is the primary source of mischief.

In a free society, this responsibility is morally and primarily placed on the individual, subject always to the caveat that you shouldn’t damage your neighbours in the process. Otherwise you can pursue personal happiness to your heart’s content even though this often does not make you as happy as you’d hoped. And it becomes rapidly more complex once collective cooperation via immortal legal entities known as corporations came to the fore as the best way to generate and sustain wealth. This is particularly significant for engineers as the successful implementation of big ideas requires large scale cooperative effort to the possible detriment of other collectives.

The rule of law underpins the whole social system. It is the method by which harm to others is minimised consistent with the principle of reciprocity (the golden rule – do unto others as you would have done unto you) prevalent in successful, prosperous societies. In Australia it has been implemented via the common law and increasingly, in statute law. Company directors, for example, have to be confident that debts can be paid when they fall due (corporations law), workers (and others) should not be put unreasonably at risk in the search for profits (WHS law) and the whole community should be protected against catastrophic environmental harm (environmental legislation). It is unacceptable for drink-drivers to kill and injure others, the vulnerable to be exploited or the powerful to be immune from prosecution. Everyone is to be equal before the law.

Provided such outcomes are achieved, the corporation and the individuals within them are pretty much free to do as they please. Monitoring all these constraints and ensuring the balance between individual freedoms and unreasonable harm (safety, environmental and financial) to others has become the primary focus of our legal system.

But the world is a complex place and its difficult to be aways right particularly when dealing with major projects. But it is entirely proper to try to be right within the limits of human skill and ingenuity. The legal solution to address all this has been via the notion of ‘due diligence’ and the ‘reasonable person’ test.

Analysing complex issues in a way that is transparent to an entire organisation, the larger society and, if necessary, the courts can be perplexing. Challenges arise in organisations when there are competing ideas of better, meaning different courses of action all constrained with finite resources. This EDD workshop provides a framework for the various internal and external stakeholders to listen to, understand and decide on the optimal course of action taking into account safety, environmental, operational, financial and other factors.

To be ‘safe’, for example, requires that the laws of nature be effectively managed, but done in a way that satisfies the laws of man, in that order.

Engineering Due Diligence Workshop

The learning method at the R2A & EEA public workshops follows a form of the Socratic ‘dialogue’. Typical risk issues and the reasons for their manifestation are articulated and exemplar solutions presented for consideration. The resulting discussion is found to be the best part for participants as they consider how such approaches might be used in their own organisation or project/s.

Current risk issues of concern and exemplar solutions include:

  • Project schedule and cost overruns. This is much to do with the over-reliance on Monte Carlo simulations and the Risk Management Standard which logically and necessarily overlook potential project show-stoppers. A proven solution using military intelligence techniques will be articulated. This has never failed in 20 years with projects up to $2.5b.
  • Inconsistencies between the Risk Management Standard and due diligence requirements in legislation, particularly the model WHS Act. A tested solution that integrates the two is presented, as is now being implemented by many major Australian and New Zealand organisations, shown diagrammatically below.

  • Compliance does not equal due diligence. Solutions are provided to avoid over reliance on legal compliance as an attempt to demonstrate due diligence. It also demonstrates how a due diligence approach facilitates innovation.
  • The SFAIRP v ALARP debate. Model solutions presented (if relevant to participants) including marine and air pilotage, seaport and airport design (airspace and public safety zones), power distribution, roads, rail, tunnels and water supply.

Participants are also encouraged to raise issues of concern. To enable open discussion and explore possible solutions, the Chatham House Rule applies to participants’ remarks meaning everyone is free to use the information received without revealing the identity or affiliation of the speaker.

To find out more information about the Engineering Due Diligence Workshop held in partnership with Engineering Education Australia, head to our workshop page or contact course facilitator, presenter and R2A Partner Richard Robinson at richard.robinson(@)r2a.com.au or call 1300 772 333.
If you're ready to register, do so direct via EEA website here.
Read More
Due Diligence Due Diligence

Engineering: Ideas and Reality

Engineers play an integral role in bringing society’s wishes to fruition. As Engineers Australia’s monthly magazine create notes, we engineer ideas into reality.

However, when we go about taking ideas and making them real we have responsibilities. We are obliged to consider the ideas’ risks as well as benefits. We must ensure that our engineering activities meet our society’s expectations, and in particular that we address all our legal duties as engineers.

And so, even as we engineer new ideas into reality, we must also engineer the new reality we create into ideas – the ideas expressed in Australia’s laws.

Australia is an egalitarian society. Our judicial and political systems are predicted on the basis of equality for all before the law. This gives rise to a number of interesting ideals. For instance, one of our fundamental legal safety principles is that, for a known safety hazard, everyone is entitled to the same minimum level of protection. This arises from work health and safety legislation in all states and territories.

As another example of this, recognised good practice is a standard to which all engineers are held, in safety matters and otherwise. Engineering good practice is demonstrated in many ways, including standards and guidelines for design, operation, asset management and so on. It is also presented in regulations, which essentially present good practice that is so well recognised that the governments agree that it must be mandated. The National Construction Code is a prime example of this.

This reliance on recognised good practice means that, for instance, an engineering project manager who fails to implement recognised good practice measures to address the risk of project cost or timeline overrun would very likely expose his organisation to civil liabilities.

The simplest, cheapest and most effective way for engineers to address these and other legal requirements is to adopt systems and processes that demonstrate due diligence, that is, that all reasonable measures have been taken. This approach ensures engineering activities and engineering decisions are conducted in a manner consistent with legal requirements – that as we engineer ideas into reality, we also engineer reality to the right ideas.

To learn more about demonstrating due diligence as engineers, register for EEA’s Engineering Due Diligence workshop.

Read More

Witness Box Whiteboards?

Engineers tend to think problems through as visual concepts, particularly as a concept sketch or design. This is reflected by a lawyer trained CEO of a water authority:

Now that you mention it, I have noticed that if I get between the whiteboard and my engineers they do tend to go mute.

That is, for an engineer a picture really is worth a 1,000 words. Well, at least a picture with some numbers on it.The courts, on the other hand, use words exclusively. It can be something of an art form to read a judgment to establish the key decision point. And when an engineer is in a witness box trying to explain to two barristers and a judge (who have not done a science based subject for many years) a complex technological matter, it is small wonder that uncertainty arises in the collective mind of the court.It would be most desirable to ensure the efficiency of the rule of law to include a whiteboard in the witness box when an engineer is on the stand.

Read More

EA College of Leadership & Management Event

In his capacity as Victorian Committee member, Tim Procter organised and MCed the recent winter seminar for Engineer Australia’s College of Leadership and Management.Daniel van Oostenwijck (VicTrack) and Clive Domone (EY) spoke on The Mobile Office – Working Anywhere, providing insight to help leaders and managers achieve high performance when leading distributed teams. Daniel and Clive made many interesting points from their experience as both leaders and team members, prompting audience questions and discussions.With around 30 attendees in person and another 90 registered to watch online the seminar was well attended. The event was recorded as a video webinar for future viewing. The link to view the webinar is here:https://livestream.com/accounts/5690925/events/7597877(The password is ‘Gradedge2017’; the webinar begins at the 16:00 minute mark.)

Read More

Scientific Management and the AER

Scientific management appeared as a formalised concept in 1910. In its idealised form it involved observing workers performing tasks, identifying potential efficiencies that could be gained in time or effort, and implementing changes.This was followed, of course, by scientific management consultants invoicing businesses for these services.This approach (including the invoicing) seems to have been first implemented by Frederick Winslow Taylor, an industrial engineer from Philadelphia. It was named in 1910 and subsequently popularised by Louis Brandeis, a Boston lawyer later made an Associate Justice of the US Supreme Court, Frank Gilbreth, a building contractor and superintendent, and his wife Lillian, who had a background (and eventually a doctorate) in psychology.Taylor, Brandeis and the Gilbreths differed in their motivation and focus in this emerging field. Taylor had as his tool a stopwatch, focusing on potential time savings in tasks, often through greater exertion on behalf of manual labourers. The Gilbreths used a movie camera to study workers, classifying 17 ‘elementary’ units of movement they named ‘therbligs’ and identifying wasted time and motion.Brandeis, on the other hand, did not practice scientific management himself. In his work as a lawyer, he came across the concepts of scientific management. He used these to successfully argue (among other things) that the basis of freight prices set by rail carriers were arbitrary and excessive, and that scientific management could demonstrate great potential gains in efficiency, and hence that carriers ought not to raise their prices.Brandeis used consultants to identify these efficiencies through Taylor's and the Gilbreths' methods, with the aim of reducing the effort and complexity required for specific tasks. Through this, he came to believe that the ideas espoused by Taylor and the Gilbreths could be used to reduce costs, raise wages (especially for low-paid workers), and generally enhance workers’ standard of living.Brandeis attempted to bring this approach to labour disputes, campaigning to unions on the benefits of scientific management. Unions, however, were skeptical, seeing (not without justification) a slippery slope to the commodification of workers as indistinguishable parametric units, rather than individual human partners in enterprise.Regardless, the concept of scientific management spread quickly, resulting directly and indirectly in a wide range of today’s approaches to business and efficiency, including strategic management, large parts of MBA courses, human factors, and widespread organisational benchmarking.Benchmarking is used in a wide range of contexts, including quantity estimation, business planning and management, industry regulation, and many others. It provides insight into expectations of time and cost, and helps identify outliers that may warrant further attention.In view of the ‘natural’ monopoly nature of Australian electricity distribution networks, electricity network businesses are subject to economic regulation by the federal Australian Energy Regulator (AER) and safety regulation by state-based agencies, such as IPART in NSW, and Energy Safe Victoria (ESV). These regulators essentially attempt to balance the networks’ business interests against the interests of the community, both financial (such as reasonable electricity prices) and safety (such as the networks’ bushfire management actions).The AER promotes this community financial interest through its authority to (attempt to) replicate the commercially beneficial effects of a ‘market’. One mechanism used in this process is limiting the prices distribution networks can charge for electricity supply. Similar to Brandeis’ assessment of freight prices set by rail carriers, these limits are in partly based on the expected (benchmarked) cost of time, materials and labour for particular tasks.There is no doubt that as electricity networks have been privatised, the AER’s approach has resulted in the maintained affordability of electricity, an essential service, to the Australian community. However, the separation of the financial and safety regulatory functions has resulted in some unintended consequences.The AER’s determination of distribution networks electricity supply prices includes consideration of expected asset maintenance and replacement. This translates through the distribution networks' operations to their field work scheduling. Field workers are allocated a certain number of asset tasks to be completed in a certain time frame. However even with an allowance for some of the expected work, this drives the perceived responsibility of any shortfall of tasks or exceedance of timeframe to the field worker.The practical result is that electrical workers in the field are driven to act on a benchmarked price/time unit rate and to ignore incipient safety issues, especially to third parties the public) that should otherwise be reported and dealt with, in efficient economic terms, on the spot. In the hierarchy of day-to-day concerns, workers may become more focused on failing to complete each day’s scoped tasks than dealing with safety issues that arise. In terms of James Reason’s theory of risk culture, it encourages distribution networks in safety terms to move from generative to pathological. That is, workers are disincentivised from bringing safety problems to management’s attention.This is a spectre of the issue the unions raised to Brandeis when he assured them that scientific management would increase their members’ lots in life. Great benefit may be gained from the quantification and benchmarking of organisations. But this must be done in the context of the people carrying out the tasks. If it is not, workplace culture (safety and otherwise) is corroded, and workers’ perception being that management views them simply as numbers or automatons, rather than people, leads to a self-fulfilling prophecy.

This article first appeared on Sourceable.

Read More
Due Diligence Due Diligence

Regulators Put Cost Before Safety

A recent New York Times article presents a view as to what bought about the Grenfell tower fire disaster. It’s depressing reading, as it is clear that the hazards of associated with combustible cladding of aluminium-sheathed polyethylene and the like were a well-known fire hazard.

Personal memory as a young fire protection engineer being trained by Factory Mutual in the US in the ‘70s recalls being exhorted to ensure robust attachment, managed flue spaces and endless sprinklers as industrial de rigueur.

The fire at the Lacrosse Building - 2004 (The Age)

Inferno at Grenfell Tower (AFP PHOTO/Natalie Oxford)

The most alarming aspect of the NYT article is the argument that, despite repeated warning from competent parties, the regulators and politicians put the financial interests of the construction industry before safety. The article goes on to imply that had regulations banning this type of combustible cladding been in place (as is the case in many other countries), there is a significant chance that the Grenfell fire would not have occurred.

Whilst we suspect this to be true, the NYT argument, from R2A’s perspective, is flawed.

***

The UK Work Health and Safety at Work etc Act (1974), like the Victorian OHS ACT (2004) and the model WHS Acts in Australia calls up the legal principle of due diligence to a SFAIRP standard. That is, a known hazard should be eliminated, so far as is reasonably practicable, or if not eliminated, reduced so far as is reasonably practicable. The dangers of combustible external cladding in buildings are well known, as are the recognised good practice precautionary options available to manage them. Demonstrating due diligence that this has been achieved is morally sound and commercially obvious. It is also the law.

This suggests that the officers of the organisations responsible for the construction, approval and installation of the cladding all failed their duty of care. The question of whether or not specific regulations for combustible cladding were warranted is, in one sense, beside the point.

As we’ve previously stated, it is impossible to implement legislative prescription of specific safety measures for the essentially infinite ways in which people may be damaged. This is the reason for the qualifier ‘reasonable’ in overarching health and safety duties of care.

So then what is the purpose of health and safety regulations? Regulations are hindsight-driven legislation intended to mandate specific examples of recognised good practice. They often appear to arise from historical lessons. They set out minimum requirements that must be achieved under statutory law (as distinct from the less specific recognised good practice that is the minimum requirement under the common law). Regulations set a benchmark that must be achieved, but do not provide any guarantee that any overarching duty of care implied by a regulation’s superior Act is satisfied. And as the world changes, hindsight-driven regulations necessarily can't keep up.

Regulations, then, must be seen as an input to and check against any safety due diligence argument designed to address the overarching duty of care. They are neither starting point nor finishing line; they lie parallel to the safety due diligence process.

However, regulations and (even more commonly) standards called up by legislation are often seen as compliance targets. This appears to have a number of causes. One is the compliance culture that integrated with risk management a number of years ago. This had advantages, including a focus on consistency and documented decision-making processes. However, it can also lead to safety risks being addressed in a check-box fashion, and a lack of understanding that when dealing potential future events, some personal judgement is always required.

A second cause appears to be the increasing level of detail in some regulations. When designing and building to the Building Code of Australia, for instance, there are literally hundreds of pages of requirements that must be understood and addressed. There are, we are sure, good reasons for each BCA requirement, but the minute detail given can impart a false sense of completeness when addressing safety issues. In our experience, compliance with the BCA is often seen as the goal, rather than a component of a safety due diligence argument.

And, as we’ve also previously noted, when one asks any engineer if simply complying with regulations will make something safe they invariably laugh. Mere compliance with regulations does not make anything ‘safe’ per se, although it can prevent certain responsible parties (those with a duty of care) from going to jail if bad things happen. This is most certainly not the intent of any health and safety legislation.

***

Regulations prohibiting combustible cladding of aluminium-sheathed polyethylene are now a significant possibility in a number of jurisdictions, including Australia and the UK. But such regulations will not ensure developers and builders satisfy their overarching duty of care, merely that there is another target to meet. A wider focus on safety due diligence is needed.

Investigations into these fires are still underway in London and Melbourne, with the Victorian Government appointing a taskforce led by architect and former premier Ted Ballieau. We will watch their outcomes with interest.

Read More

Gas Supplementary Issues Paper - Review of Victoria's Electricity and Gas Network Safety Framework

Submissions for the Gas Supplementary Issues Paper on the review of Victoria’s electricity network safety framework closed on Friday 16 June. Along with the following organisations, R2A welcomed the opportunity to respond to the independent review.

Our response focuses on the following particular aspects of the review:

  • The objectives of the safety framework in Victoria and an assessment of its effectiveness in achieving safety outcomes.
  • The extent to which the regulatory framework governing network safety ensures effective risk management by energy network businesses.

In particular the reliance on the traditional quantified risk assessment (QRA) and the ALARP (as low as reasonably practicable) approach using target risk criteria (tolerable or acceptable) by the gas and major hazard industries which has two primary difficulties:

  • Arguable non-compliance with the provisions of the Gas Safety Act (1997) and OHS Act (2004), and,
  • Disutility for land use (safety) planning that the QRA-ALARP-target-risk-criteria process facilitates.

Many of the points in R2A’s submission on the electricity networks also apply to the Victorian gas industry. Much of R2A’s submission on the electrical safety in Victoria is devoted to explaining why the legal presentation of SFAIRP (so far as is reasonably practicable) is not equivalent to ALARP (as low as reasonably practicable). This argument also applies to gas safety.Such an observation always generates commentary to the effect that major organisations like Standards Australia, NOPSEMA and the UK Health & Safety Executive (UK HSE) (a much-quoted source) say that it is.For example, WorkSafe Victoria’s information sheet[1] on land use planning near a major hazard facility states that operators of an MHF must reduce risk to the surrounding area so far as is reasonably practicable where it cannot be eliminated. However, it then goes on to say that WorkSafe believes it appropriate to present the extent of risk areas around a MHF as planning advisory areas:

  1. Inner planning advisory area – the individual risk of fatality from potential foreseeable incidents is greater than or equal to 1 x 10-7 per year (one chance in 10 million years).

These key points are expanded in the body of the submission together with a possible way forward. See the full response here.[1] https://www.worksafe.vic.gov.au/resources/land-use-planning-near-major-hazard-facility for current advice for Major Hazards land use planning from Worksafe Victoria (viewed 14 June 2017).

Read More

Engineering Coming Into Focus

Doctor Iain McGilchrist will soon be in Australia to present to the 2017 Annual Conferences of Judges of the Federal and Supreme Courts of Australia. Dr McGilchrist is a psychiatrist and a former reader in English at Oxford University. Dr McGilchrist’s most recent book, The Master and His Emissary, has been discussed in an illustrated TED talk and is also the subject of an upcoming documentary.

The Master and His Emissary explores the evolution, interactions, workings and meanings of the human brain’s left and right hemispheres. In particular, he investigates and expands on the different roles the left and right hemispheres play in our interaction with, perception of, and understanding of the world.

One of the many interesting concepts discussed is the notion of the ‘gestalt’ in cognition and understanding. Comprehending the gestalt may be thought of as the appreciation of something as more than the sum of its parts – for example, the “ah-ha!” moment when meaning emerges from the image above.

Once the Dalmatian is perceived it becomes obvious, even though it is not ‘built’ from the component black blotches of the image. Appreciation of the gestalt is something for which the right hemisphere has a much great facility than the left. It excels in understanding context and individuality.

The left hemisphere, in contrast, tends to work with logic and analysis, systems, models, representations, classing and sorting, and so on. It assembles component parts into a known whole, to move in a linear fashion from a starting point to a finishing point – whether or not this remains in the proper context.

Ultimately both of these approaches are needed for problem-solving. Unfortunately, in engineering, there is sometimes a tendency to treat analysis as the whole of the solution. This particularly presents problems when the analysis is seen as ‘true’ or ‘real’. Ultimately a model is literally a re-presentation of the world – a simplified system built in terms that (we believe) we understand. As the statistician George E. P. Box noted, “all models are wrong, but some are useful”.

However, it is very difficult, and sometimes impossible, to simultaneously appreciate a gestalt and its components. As soon as one focuses absolutely on one blotch in the picture above, the Dalmatian disappears.

R2A has found an effective approach to problem-solving is the following ‘V’ process. The example below is for a generic safety issue, but the approach may be adapted to any problem.

R2A / Due Diligence / Engineering / Work Health and Safety

One key is the understanding that detailed analysis may or may not be needed. Each problem is individual and unique, and providing convincing solutions to different groups of stakeholders each facing the same problem will often require different levels of detail. Keeping this in mind during analysis, with an understanding of the high level problem context and solution goals, assists in delving only to the analytical depth necessary.

A second key is the recognition that this is not a linear process. It may take the form of an ascending spiral, continually reviewing and refining past ideas as it moves towards resolution. Or a solution may, as with the Dalmatian image above, simply emerge from the assembly of data, as a picture coming into focus.

Either way, retaining the context and individuality of each problem is paramount to developing good solutions – engineering’s ultimate aim.

Read More
Due Diligence Due Diligence

Engineering Due Diligence Workshop

The learning method at the R2A-EEA public workshops follows a form of the Socratic ‘dialogue’. Typical risk issues and the reasons for their manifestation are articulated and exemplar solutions presented for consideration. The resulting discussion is found to be the best part for participants as they consider how such approaches might be used in their own organisation or projects.

Current risk issues of concern and exemplar solutions include:

  • Project schedule and cost overruns. This is much to do with the over-reliance on Monte Carlo simulations and the Risk Management Standard which logically and necessarily overlook potential project show-stoppers. A proven solution using military intelligence techniques will be provided. This has never failed in 20 years with projects up to $2.5b.
  • Inconsistencies between the Risk Management Standard and due diligence requirements in legislation, particularly the model WHS Act. A tested solution that integrates the two is presented, as is now being implemented by many major Australian and New Zealand organisations.
  • Compliance ≠ due diligence. Solutions to avoid over reliance on legal compliance as an attempt to demonstrate due diligence are provided.
  • SFAIRP v ALARP debate. Model solutions presented (if relevant to participants) including marine and air pilotage, seaport and airport design (airspace and public safety zones), power distribution, roads, rail, tunnels and water supply.

Participants are also encouraged to raise issues of concern. To enable open discussion and explore possible solutions, the Chatham House Rule applies to participants’ remarks meaning everyone is free to use the information received without revealing the identity or affiliation of the speaker.

Remaining dates for 2017 are:

Perth               21 & 22 JuneBrisbane         23 & 24 AugustWellington       5 & 6 SeptemberMelbourne       25 & 26 October

Read More
Due Diligence Due Diligence

Review of Victoria's Electricity and Gas Network Safety Framework

On 19 January 2017, the Minister for Energy, Environment and Climate Change announced an independent review of Victoria’s Electricity Network Safety Framework, to be chaired by Dr Paul Grimes. On 5 May 2017, the Minister announced an expansion to the review's terms of reference to include Victoria’s gas network safety framework.It has been more than a decade since the current safety framework has been in place and it is timely to review the existing arrangements to ensure they adequately reflect the needs of the community in an increasingly complex environment.The review will include extensive consultation with industry and the community to inform the development of a final report and recommendations.Consistent with the expanded terms of reference, the Review of Victoria’s Electricity and Gas Network Safety Framework examines the safety framework applicable to the electricity and gas networks in Victoria and assesses its effectiveness in achieving desired safety outcomes. It will review the design and adequacy of the safety regulatory obligations, incentives and other arrangements governing the safety of Victoria’s electricity and gas networks.The existing Secretariat established within the Department of Environment, Land, Water and Planning to support the independent reviewer, Dr Paul Grimes, has been additionally resourced.Submissions for the Issues Paper on the review of Victoria’s electricity network safety framework closed on Friday 28 April. Along with the following organisations, R2A welcomed the opportunity to respond to the independent review.

Our response focuses on the following particular aspects of the review:

  • The objectives of the safety framework in Victoria and an assessment of its effectiveness in achieving safety outcomes.
  • The design and adequacy of the safety regulatory obligations (including safety cases and the Electricity Safety Management Scheme), incentives and other arrangements governing energy network businesses and any opportunities for improvement.

R2A’s overall perception is that electrical networks in Australia and New Zealand operate in an evolving and interesting regulatory space with overlapping financial, safety and security of supply issues. There is also a plethora of sometimes contradictory standards. Wending a path that simultaneously satisfies all of the competing issues is complex and fraught with methodological superstition. This undoubtedly creates substantial unnecessary expense and waste.From the viewpoint of an effective safety framework, the key issues we believe are causing the greatest angst at the moment are as follows:

  1. Competition v Cooperation PolicyThe mantra of competition policy is being considered in isolation from the rest of the competing requirements for the safe (and reliable) delivery of electrical energy. This includes both security of supply and safety generally, and especially in Victoria major bushfires started by the electricity network. For example, high reliability requires redundancy whereas commercial efficiency is typically achieved by running without headroom. The current manifestation of economic competition policy does not deal effectively with disaster scenarios (where cooperation is essential) especially for low likelihood, high consequence events, such as black or ash bushfire days which occur about once every 25 years in Victoria.
  2. Risk Management Standard v Occupational Health and Safety LegislationThe obligations of Victoria’s Occupational Health and Safety (OHS) legislation conflict with the Risk Management Standard (ISO31000) which most corporates and governments mandate. This is creating very serious confusion, particularly with the understanding of economic regulators.The risk management standard tries to manage ‘risk’ to ‘acceptable’ levels, whereas the 2004 Victorian OHS Act (and now model WHS legislation) ensures that everyone is entitled to the same minimum level of protection (but not necessarily the same level of risk).
  3. Network Standards with Internal ContradictionsStandards with internal contradictions like AS 5577:2013 – Electrical network safety management systems and the EG(0) Power System Earthing Guide create enormous tensions. Specifically, they advocate using target risk criteria such as ALARP, below which risks are deemed ‘tolerable’ and do not require further action, a position in conflict with the health and safety legislation passed by all Australian parliaments and decisions of the High Court of Australia.

These key points are expanded in the body of the submission together with a possible way forward. See the full response here.

Read More
Due Diligence Due Diligence

Design Safety Decisions Don't Disappear

A recent civil case in New South Wales has highlighted the importance of diligent ‘safety in design’ decisions being made by architects and engineers.

The case in question involved a golf club patron falling into a sunken garden bed adjacent to a car park. The car park provided 90-degree car parking. A kerb separated the garden bed and the car park. The patron’s car was parked with its boot facing the kerb.

At the time of the fall, the patron had placed a large object into his car boot and stepped backwards from the kerb. However, what appeared to be a garden bed at the level of the car park was in fact a sunken garden bed some 800 millimetres below car park level, with foliage that had grown to the level of the car park.

As a result of the fall, the patron sustained injuries. He subsequently sued the golf club as owner and operator of the facility. He also sued the designer of the garden bed, a prominent architecture firm. Following appeals, the courts ruled in favour of the plaintiff, finding that both the golf club and the architecture firm had been negligent, with liability divided 75 per cent and 25 per cent respectively.A key point in the finding against the architecture firm was that they, as designer of the landscape that included the garden bed, must have had knowledge of the types of plants in the location, and could have reasonably foreseen that these would grow to obscure the depth of the garden bed next to the car park. The court also found that the provision of a balustrade would have prevented the injuries sustained by the plaintiff, and that this could reasonably have been included in the garden bed design.The safety influence of designersDesigners, including architects and engineers, have enormous influence over the safety of our designs. Our decisions determine how our designs may be constructed, operated, used, maintained, upgraded, decommissioned and disposed of.  And with great power comes great responsibility.Designers must meet many responsibilities with their designs, including function, cost, contract terms, time frames, constructability, operability, maintainability, environmental impact and safety. As we make design decisions we attempt to foresee the future, when our ideas become material reality and our design decisions are put into practice. Through this foresight we attempt to balance our many responsibilities. Arguably the foremost amongst these is safety.And so as designers we stand at our point in time, trying to foresee all credible safety incidents that may occur on, in, around, and because of our designs, and to address them through our design decisions.Unfortunately, despite our best efforts, this is an imperfect exercise. The best we can do is convince ourselves that we’ve not overlooked any critical safety issues, and that we have provided a design that includes all reasonable measures to address these critical issues. That is, no matter what happens in the future, we want to know (and demonstrate) that right here and now we are making diligent decisions, addressing safety and balancing all our other responsibilities.In the end, although we use foresight, our decisions will be judged in hindsight. We need to consider how our decisions will be examined if (when) something goes wrong and someone gets hurt. In general this means that we need to show that during the design phase we had considered the potential for the incident (or had good reason to have missed it), and that all reasonable practicable design measures were included.Designers developing good answers to these questions during the design phase is becoming more and more of a focus, not just for fear of litigation, but with the increased focus under the national Model Work Health and Safety legislation on the safety influence and responsibilities of organisations’ ‘officers’, which could very likely include engineers and architects.The diligent design safety processSo how can designers do this? Firstly, we need to demonstrate why we are confident that all credible, critical issues are identified at the design stage. A good approach to this is a vulnerability assessment. It provides a formal, high-level argument that all critical safety risks to all exposed groups in all project phases have been identified. Patrons falling into the lowered garden bed during car park use would seem to be quite foreseeable.From there, any obviously reasonable measures must be implemented to address the identified risks. Measures commonly implemented by designers in similar situations are a very good guide to this. It may involve applying a design standard or guideline, or standard industry measures. This recognised good practice is the minimum that must be in place. It may be in the form of a specific design, performance requirements, or a general approach to similar issues, but it must be implemented.In this instance, provision of a physical barrier to prevent people falling into a lower area adjacent to a foot trafficked area may me considered recognised good practice. Or perhaps there is a general design principle that steps or drop-offs should not be located at the end of ninety-degree car parking. The importance of knowledge sharing among designers is obvious.The crucial final step then involves considering any further potential measures that may be implemented in addition to recognised good practice. At this point the range of other designer responsibilities can be added to the balance.  For any further potential measure, the benefit, in terms of risk reduction, can be balanced against the functional, financial, environmental, etc. implications to determine if the measure in question is justified.For instance, signage warning of the lowered garden bed would have been a further potential measure. Selection of low-height mature plants for the garden bed to emphasis the lower ground level would also have been an option. The increased expense of signage or (for example) plant purchase and watering costs could then be balanced against the benefits provided by greater patron awareness of the drop-off.This approach allows designers to take their diverse responsibilities into account while still ensuring good design safety decisions are made. It provides, through recognised good practice, a minimum level of protection against foreseeable risks for all exposed persons. It then provides financial efficiency by allowing designers to balance their other responsibilities against the benefits of any further options. And through this process, our design decisions can be carried forward into reality with the knowledge that we have exercised safety due diligence.

This article first appeared on Sourceable.

Read More
Due Diligence Due Diligence

Swinburne – Introduction to Risk and Due Diligence

R2A’s unit Introduction to Risk and Due Diligence at Swinburne University is now a core unit for two postgraduate Master courses, The Master of Professional Engineering and The Master of Construction and Infrastructure Management. With 140 students enrolled in the course, delivery has become a real team effort.The Master of Professional Engineering is designed to help students develop skills in professional management, communication, and research methods and principles in the engineering discipline. Students undertake research and project work and benefit from the industry focus of the program. Students participate in a professional industry project. This experience allows students to apply their knowledge and skills to industry problems. They also enhance students’ awareness of industry and provide valuable networking opportunities.The Master of Construction and Infrastructure Management aims to prepare graduates for future roles in managing people, equipment, materials, technological processes and funds in the construction, management and maintenance of buildings and assets in the civil infrastructure. This aim is facilitated by the study of advanced management and engineering techniques in the fields of construction, building and maintenance.Students gain significant knowledge and skills in procurement and project delivery, resource planning and management, project costing, health and safety, and risk management. They also learn about the environmental, financial, legal and contractual considerations associated with project-based industries.To provide students with a broad understanding of risk management, including basic concepts and the suite of available techniques.The key learning outcomes for the unit are to:

  1. Understand fundamental due diligence, risk and reliability concepts;
  2. Apply the safety, economic and legal drivers of risk management requirements;
  3. Comprehend different organisational risk paradigms and models;
  4. Recognise the liability and due diligence implications of risk managers, and how they relate to quantified risk management (QRA) techniques;
  5. Apply risk modelling and generative information gathering techniques;
  6. Apply the use of mathematics in risk and reliability analysis;
  7. Generate safety cases demonstrating due diligence and limiting legal liability; and
  8. Apply both top-down and bottom-up risk management techniques – and know when to use each

Further information about the Master of Professional Engineering or The Master of Construction and Infrastructure Management can be found on the Swinburne website.

Read More

Powerline Bushfire Safety Committee

Gaye recently attended the second meeting of the Powerline Bushfire Safety Committee (PBSC) at Energy Safe Victoria (ESV).As set out in the Committee Charter, the purpose of the PBSC is to provide the Director of Energy Safety (DoES) with comprehensive expert advice to support ESV in its administration of the Electricity Safety (Bushfire Mitigation) Amendment Regulations 2016 (the regulations) and any advice ESV may, in turn, provide government on further policy changes that may be required in the light of initial network experience implementing the regulations.In addressing its purpose, the PBSC will have regard to the regulations, the regulatory impact statement (RIS) including the target fire risk reduction benefits set out herein, and the statement of reasons (SoR).The objective of the PBSC is to provide transparent, independent oversight and advice to ESV in undertaking its regulatory responsibilities to hold the distribution business accountable for the delivery of the fire reduction benefits implicit in the regulations.Gaye’s role is to provide risk management and best practice advice. All documents relating to the Committee’s activities can be found on the ESV website.

Read More
Due Diligence Due Diligence

Legal vs Engineered Due Diligence

The rise of the model Work Health and Safety legislation, and the need for officers to demonstrate due diligence to ensure that their business has all reasonable practicable safety precautions in place, has been interpreted in different ways.It’s not just a cynical exercise to cover your arse after the event (although that will be one outcome).When conducting investigations into industrial fatalities, the deceased’s co-workers often self-assess to see if there is something that they personally could have done that might have saved their mate. If there was, they feel really, really bad. Conversely, if after due consideration, they conclude that they had done everything in their power to prevent such an occurrence, they feel relieved.This is the natural human response. You can also see this occur with response of parent to the death of a child on ‘P’ plates. The parents always think long and hard about whether they should have done more to train their daughter or son before they were allowed unsupervised on the roads. The Bushfire Royal Commission into the 173 deaths arising from the Black Saturday fire is a similar response, but at a community level.The courts also serve this function, but at a societal level and in a very formal context. When considering cases dealing with health and safety impacts they ask, in effect, “Was there something else that ought to have been done that would have prevented this outcome?”This is our society’s introspection, which helps us feel that justice is served, and that we learn from our mistakes.Accepting this, how do we then demonstrate, before any event, to the satisfaction of our society, that we have done all we ought to, to ensure safety? In general, this will be by demonstrating due diligence in our safety decisions and action, as required by the model Work Health and Safety legislation. But how is due diligence defined?Lawyers, when asked to describe the nature of due diligence, focus on compliance with legislation, regulations and relevant codes of practice, that is, the law. Engineers, when asked if compliance with acts, regulations and codes guarantees that anything is ‘safe’ in reality, reply “no, of course not. Don’t be silly”.This means there is a substantial practicable gap between ‘legal’ and ‘engineered’ due diligence. The reason is that it is not possible for the laws of man (in the form of regulations and compliance) to predict the future. Our legal system (the courts, Royal Commissions and the like) is hindsight driven, applying the underlying principles of moral philosophy like, "do unto others as you would have done to you.”Due diligence engineering takes these moral principles as outlined by laws and court decisions taken in hindsight, and projects them to future human endeavour. This means that engineering due diligence is about the right thing to do, and not just covering your backside.

This article first appeared on Sourceable.

Read More

The Law and Engineering

The notion of engineering due diligence has expanded into Australian society, gradually displacing pure risk management as the ultimate aim of engineering decision-making. Numerous national and state-based laws have moved from mandating risk assessments to imposing specific duties to exercise due diligence, in health and safety, environmental protection and other areas.However, some standards and other non-mandated guidelines, regardless of legislated and common law precaution-based (SFAIRP) requirements and judgments (the laws of man), still promulgate approaches requiring the ‘scientific’ (ALARP) measurement and comparison of risk. This is presumably done with the view that risk can be examined and dissected as part of the laws of nature. Engineering and legal practitioners find themselves caught between these competing paradigms.An egalitarian society like Australia desires to ensure fairness amongst its citizens. One outcome of this view is that no one should be inequitably exposed to risk, and certainly not for the benefit of others. Being a free society, an individual can choose to be ‘riskier’, but this should be a matter of personal choice, not economic necessity.Risk equity can be demonstrated in two key ways. One is a scientific exercise that sets and complies with a maximum level of risk to which any person may be exposed. This requires detailed modelling of potential event sequences and comparison to a predetermined maximum acceptable level of risk.The second provides a minimum level of precaution (i.e. protection from risk) for all persons exposed to the undesired outcomes. This minimum level is generally demonstrated in recognised good practice, i.e. precautions considered reasonable by virtue of their implementation in similar situations.Pre-event, both methods conceptually provide for equal risk outcomes. However, post-event, only the minimum precaution equity approach can be tested objectively – either the precaution was in place or it was not. The maximum risk level equity approach is problematic to justify on a number of levels.The courts, reflecting Australia’s societal desire for fairness, established the precautionary approach in the common law duty of care. Post-event, the courts test whether all reasonable steps were taken to avoid damage to people. This long-established approach considers both precautionary risk equity and financial efficiency in determining what precautions, for any particular event, were reasonable.Unlike the courts, engineers and lawyers don’t have the benefit of hindsight in determining what is reasonable. Decisions must be made, with business, safety, societal and environmental implications, to address any number of potential events. These often include complex issues with valid but irresolvable competing stakeholder points of view.Due diligence engineering expands the courts’ ‘equal minimum level of precaution’ principle to a pre-event precaution-based decision-making philosophy incorporating the requirements of both science (the laws of nature) and society (the laws of man). This philosophy allows engineers and lawyers to together cut the Gordian knot that has developed when decision-making at the complex interface of physical and social infrastructure.

Read More

Everyone is Entitled to Protection – But not Always the Same Level of Risk

When it comes to dealing with a known safety hazard, everyone is entitled to the same minimum level of protection.

This is the equity argument. It arises from Australia’s work health and safety legislation. It seems elementary. It is elementary. It has also, with the best intentions, been pushed aside by engineers for many years.

The 1974 UK Health and Safety at Work Act introduced the concept of “so far as is reasonably practicable” (SFAIRP) as a qualifier for duties set out in the Act. These duties required employers (and others) to ensure the health, safety and welfare of persons at work.

The SFAIRP principle, as it is now known, drew on the common law test of ‘reasonableness’ used in determining claims of negligence with regard to safety. This test was (and continues to be) developed over a long period of time through case law. In essence, it asks what a reasonable person would have done to address the situation in question.

One key finding elucidating the test is the UK’s Donoghue v. Stevenson (1932), also known as ‘the snail in the bottle’ case, which looked at what ‘proximity’ meant when considering who could be adversely affected by one’s actions.

Another is the UK’s Edwards v. National Coal Board (1949), in which the factors in determining what is ‘reasonably practicable’ were found to include the significance of the risk, and the time, difficulty and expense of potential precautions to address it.

These and other findings form a living, evolving understanding of what should be considered when determining the actions a reasonable person would take with regard to safety. They underpin the implementation of the SFAIRP principle in legislation.

And although in 1986 Australia and the UK formally severed all ties between their respective legislature and judiciary, both the High Court of Australia and Australia’s state and federal parliaments have retained and evolved the concepts of ‘reasonably practicable’ and SFAIRP in our unique context.

In determining what is ‘reasonable’ the Courts have the benefit of hindsight. The facts are present (though their meaning may be argued). Legislation, on the other hand, looks forward. It sets out what must be done, which if it is not done, will be considered an offence.

Legislating (i.e. laying down rules for the future) with regard to safety is difficult in this respect. The ways in which people can be damaged are essentially infinite. That people should try not to damage each other is universally accepted, but how could a universal moral principle against an infinite set of potential events be addressed in legislation?

Obviously not through prescription of specific safety measures (although this has been attempted in severely constrained contexts, for instance, specific tasks in particular industries). And given the complex and coincident factors involved in many safety incidents, how could responsibility for preventing this damage be assigned?

The most appropriate way to address this in legislation has been found, in different places and at different times, to be to invoke the test of reasonableness. That is, to qualify legislated duties for people to not damage each other with “so far as is reasonably practicable.”

This use of the SFAIRP principle in health and safety legislation, as far as it goes, has been successful. It has provided a clear and objective test, based on a long and evolving history of case law, for the judiciary to determine, after an event, if someone did what they reasonably ought to have done before the event to avoid the subsequent damage suffered by someone else. With the benefit of hindsight the Courts enjoy, this is generally fairly straightforward.

However, determining what is reasonable without this benefit - prior to an event - is more difficult. How should a person determine what is reasonable to address the (essentially infinite) ways in which their actions may damage others? And how could this be demonstrated to a court after an event?

Engineers, as a group, constantly make decisions affecting people’s safety. We do this in design, construction, operation, maintenance, and emergency situations. This significant responsibility is well understood, and safety considerations are paramount in any engineering activity. We want to make sure our engineering activities are safe. We want to make sure nothing goes wrong. And, if it does, we want to be able to explain ourselves. In short, we want to do it right. And if it goes wrong, we want to have an argument as to why we did all that was reasonable.

Some key elements of a defensible argument for reasonableness quickly present themselves. Such an argument should be systematic, not haphazard. It should, as far as possible, be objective. And through these considerations it should demonstrate equity, in that people are not unreasonably exposed to potential damage, or risk.

Engineers, being engineers, looked at these elements and thought: maths.

Engineers, Lawyers & Safety / R2A Due Diligence Engineers

In 1988 the UK Health and Safety Executive (HSE) were at the forefront of this thinking. In the report of an extensive public inquiry into the proposed construction of the Sizewell B nuclear power plant the inquiry’s author, Sir Frank Layfield, made the recommendation that the HSE, as the UK’s statutory health and safety body, “should formulate and publish guidance on the tolerable levels of individual and social risk to workers and the public from nuclear power stations.”

This was a new approach to demonstrating equity with regards to exposure to risk. The HSE, in their 1988 study The Tolerability of Risk from Nuclear Power Stations, explored the concept. This review looked at what equity of risk exposure meant, how it might be demonstrated, and, critically, how mathematical and approaches could be used for this. It introduced the premise that everyone in (UK) society was constantly exposed to a ‘background’ level of risk which they were, if not comfortable with, at least willing to tolerate. This background risk was the accumulation of many varied sources, such as driving, work activities, house fires, lightning, and so on.

The HSE put forward the view that, firstly, there is a level of risk exposure individuals and society consider intolerable. Secondly, the HSE posited that there is a level of risk exposure that individuals and society consider broadly acceptable. Between these two limits, the HSE suggested that individuals and society would tolerate risk exposure, but would prefer for it to be lowered.

After identifying probabilities of fatality for a range of potential incidents, the HSE suggested boundaries between these ‘intolerable’, ‘tolerable’ and ‘broadly acceptable’ zones, the upper being risk of fatality of one in 10,000, and the lower being risk of fatality of one in 1,000,000.

The process of considering risk exposure and attempting to bring it within the tolerable or broadly acceptable zones was defined as reducing risk “as low as reasonably practicable,” or ALARP. This could be demonstrated through assessments of risk that showed that the numerical probability and/or consequence (i.e. resultant fatalities) of adverse events were lower than one or both of these limits. If these limits were not met, measures should be put in place until they were. And thus reducing risk ALARP would be demonstrated.

The ALARP approach spread quickly, with many new maths- and physics-based techniques being developed to better understand the probabilistic chains of potential events that could lead to different safety impacts. Over the subsequent 25 years, it expanded outside the safety domain.

Standards were developed using the ALARP approach as a basis, notably Australian Standard 4360, the principles of which were eventually brought into the international risk management standard ISO 31000 in 2009. This advocated the use of risk tolerability criteria for qualitative (i.e. non-mathematical, non-quantitative) risk assessments.

And from there, the ALARP approach spread through corporate governance, and became essentially synonymous with risk assessment as a whole, at least in Australia and the UK. It was held up as the best way to demonstrate that, if a safety risk or other undesired event manifested, decisions made prior to the event were reasonable.

But all was not well.

Consider again the characteristics of a defensible argument. It should be systematic, objective and demonstrate equity, in that people are not unreasonably exposed to risk.

Engineers have, by adopting the ALARP approach, attempted to build these arguments using maths, on the premise that, firstly, there are objective acceptable and intolerable levels of risk, as demonstrated by individual and societal behaviour, and, secondly, risk exposure within specific contexts (e.g. a workplace) could be quantified to these criteria. There are problems with mathematical rigour, which introduce subjectivity when quantifying risk in this manner, but on the whole these are seen as a deficit in technique rather than philosophy, and are generally considered solvable given enough time and computing power.

However, there is another way of constructing a defensible argument following the characteristics above.

Rather than focusing on the level of risk, the precautionary approach emphasises the level of protection against risk. For safety risks it does this by looking firstly at what precautions are in place in similar scenarios. These ‘recognised good practice’ precautions are held to be reasonable due to their implementation in existing comparable situations. Good practice may also be identified through industry standards, guidelines, codes of practice and so on.

The precautionary approach then looks at other precautionary options and considers on one hand the significance of the risk against, on the other, the difficulty, expense and utility of conduct required to implement and maintain each option. This is a type of cost-benefit assessment.

In practice, this means that if two parties with different resources face the same risk, they may be justified in implementing different precautions, but only if they have first implemented recognised good practice.

Critically, however, good practice is the ideas represented by these industry practices, standard, guidelines and so on, rather than the specific practices or the standards themselves. For example, implementing an inspection regime at a hazardous facility is unequivocally considered to be good practice. The frequency and level of detail required for inspection will vary depending on the facility and its particular context, but having no inspection regime at all is unacceptable.

The precautionary approach provides a formal, systematic, and objective safety decision-making alternative to the ALARP approach.

Equity with regard to safety can be judged in a number of ways. The ALARP approach considers equity of risk exposure. A second approach, generally used in legislation, addresses equity through eliminating exposure to specific hazards for particular groups of people, without regard to probability of occurrence. For example, dangerous goods transport is prohibited for most major Australian road tunnels regardless of how unlikely they may be to actually cause harm. In this manner, road tunnel users are provided equity in that none of them should be exposed to dangerous goods hazards in these tunnels.

The precautionary approach provides a third course. It examines equity inherent in the protection provided against particular hazards. It provides the three key characteristics in building a defensible argument for reasonableness.

It can be approached systematically, by first demonstrating identification and consideration of recognised good practice, and the decisions made for further options.

It is clearly objective, especially after an event; either the precautions were there or they were not.

And it considers equity in that for a known safety hazard, recognised good practice precautions are the absolute minimum that must be provided to protect all people exposed to the risk. Moving forward without good practice precautions in place is considered unacceptable, and would not provide equity to those exposed to the risk. While further precautions may be justified in particular situations, this will depend on the specific context, magnitude of the risk and the resources available.

Oddly enough, this is how the Courts view the world.

The Courts have trouble understanding the ALARP approach, especially in a safety context. From their point of view, once an issue is in front of them something has already gone wrong. Their role is then to objectively judge if a defendant’s (e.g. an engineer’s) decisions leading up to the event were reasonable.

Risk, in terms of likelihood and consequence, is no longer relevant; after an event the likelihood is certain, and the consequences have occurred. The Courts’ approach, in a very real sense, involves just two questions:

Was it reasonable to think this event could happen (and if not, why not)?Was there anything else reasonable that ought to have been in place that would have prevented these consequences?The ALARP approach is predicated on the objective assessment of risk prior to an event. However, after an event, the calculated probability of risk is very obviously called into question. This is especially so as the Courts tend to see low-likelihood high-consequence events.

If, using the ALARP approach, a safety risk was determined to have less than a one in 1,000,000 (i.e. ‘broadly acceptable’) likelihood of occurring, and then occurred shortly afterwards, serious doubt would be cast on the accuracy of the likelihood assessment.

But, more importantly, the Courts don’t take the level of risk into account in this way. It is simply not relevant to them. If a risk is assessed as ‘tolerable’ or ‘broadly acceptable’ the answer to the Courts’ first question above is obviously ‘yes’. The Courts’ second question then looks not at the level of risk in isolation, but at whether further reasonable precautions were available before the event.

‘Reasonable’ in an Australian legal safety context follows the 1949 UK Edwards v. National Coal Board definition and was refined by the High Court of Australia in Wyong Shire Council v. Shirt (1980). It requires that, when deciding on what to do about a safety risk, one must consider the options available and their reasonableness, not the level of risk in isolation. This is the requirement of the SFAIRP principle.

This firstly requires an understanding of whether options are reasonable by virtue of being recognised good practice. The reasonableness of further options can then be judged by considering the benefit (i.e. risk reduction) they could provide, as well as the costs required to implement them. Options judged as unreasonable on this basis may be rejected. It is only in this calculus that the level of risk (considered first in the ALARP approach) is considered by the Courts.

The ALARP approach does not meet this requirement. If a risk is determined to be ‘broadly acceptable’ then, by definition, risk equity is achieved, and no further precautions are required. But this may not satisfy the Courts’ requirement for equity of minimum protection from risk through recognised good practice precautions. It may also result in further reasonable options being dismissed.

The precautionary approach, on the other hand, specifically addresses the way in which the Courts determine if reasonable steps were taken, in a systematic, objective and equity-based manner. From a societal point of view, the Courts are our conscience. Making safety decisions consistent with how our Courts examine them would seem to be a responsible approach to engineering.

The ALARP approach was a good idea that didn’t work. With the best intentions, it was developed to its logical conclusions and was subsequently found to not meet society’s requirements as set forward by the Courts.

The precautionary approach’s recent prominence has been driven by the adoption of the SFAIRP principle in the National Model Work Health and Safety Act, now adopted in most Australian jurisdictions, followed by similar changes through the Rail Safety National Law, the upcoming Heavy Vehicle National Law and others. And as the common law principle of reasonableness finds it way into more legislation the need for an appropriate safety decision-making approach becomes paramount. It is an old idea made new, and it works. It provides equity.

Is there any good reason to not implement it?

This article first appeared on Sourceable.

Read More