Safety Due Diligence White Paper

How to engineer safety due diligence under the provisions of the model WHS Act

White Paper Overview

In reality, to be safe means to be free from harm.

In court, however, safe means that despite something apparently unsafe having happened, due diligence has been demonstrated. 

And, in engineering terms this means that to be safe requires managing the laws of nature in a way that is consistent with the laws of man and in that order.

At R2A we have developed a routinely successful process to positively demonstrate safety due diligence consistent with the requirements of the model Work Health and Safety (WHS) legislation that has commenced in all Australian jurisdictions except, at the time of writing (2012), Western Australia and Victoria.

The R2A approach adopts a precautionary common law formulation for the demonstration of due diligence as a defence against negligence namely:

  • A completeness argument as to why all credible critical safety issues to all affected parties have been identified
  • An argument as to why all practicable precautions for each credible critical issue has been identified.
  • An argument as to which practicable precautions are reasonable consistent with decisions of the High Court of Australia, and
  • The establishment of a safety quality assurance regime to confirm that all reasonable practicable precautions are maintained on an ongoing basis.

This approach does not mean that bad things can’t happen. It means (assuming the activity is not prohibitively dangerous such that it should not occur at all) that all reasonable practicable precautions for all foreseeable, critical hazards to all affected parties are in place, based on the balance of the significance of the risk vs the effort required to reduce it. 

This also means that risks should be eliminated or minimised so far as reasonably practicable.

Such a position, based around the test of reasonably practicability arguable at a common law balance (the 50:50 tipping point), should provide superior safety outcomes for all whilst offering the best protection against criminal charges for responsible officers under the provisions of the model WHS Act.

R2A have provided this paper as a summary of the key requirements of the model WHS Act. We outline why traditional processes are likely to fail the challenge of the Act. We conclude by demonstrating how R2A can help you in this process.

Over the years, R2A has legally tested this approach regularly. We recommend that readers do so with their own legal counsel prior to adopting this approach.

Why your current OH&S System Probably won’t comply

The model WHS Act requires a positive demonstration of safety due diligence by responsible ‘officers’.

This completes, in statutory terms, the risk management paradigm shift from a hazard-based approach to a precaution-based approach consistent with the common law.

It’s a big change in thinking, perspective and action.

Hazard vs. Precaution Based Risk Assessment

The traditional (hazard-based) way to address safety risk is to:

  • Identify the hazards
  • Characterise the risk (likelihood and consequence) associated with each hazard
  • Compare this risk to tolerable or acceptable risk criteria or targets
  • If the criteria are not satisfied, then to implement controls (precautions or mitigations) until they are.

Such an approach has never satisfied common law judicial scrutiny. The diagram below shows the difference between the two approaches, especially for high consequence, low likelihood events.

The top loop describes the traditional hazard focused analysis listed above.

If the technical risk target were achieved in reality, the hazards of concern would not eventuate in the analyst’s lifetime.

But this is not the way of the world. Sometimes bad things will happen and the courts will examine the results.


The bottom loop describes the precautionary legal process applied by the courts and now the WHS Act.

This is necessarily hindsight biased. The courts simply do not care how often matters went well.

By definition, the courts only examine the minority of things that went wrong. After the event, the fact is certain.

This means that, from the court’s viewpoint, prior-to-the-event estimates of rarity for serious events were presumably flawed and that, prima facie, those who made such estimates have provided beyond-reasonable doubt proof of negligence.

As a judge in NSW has been reported as saying to engineers after a major accident: What do you mean you did not think it could happen? There are 7 dead.

The way the courts assess the situation is to consult post-event expert witnesses as to what could have been done to have prevented the disaster.

Being an expert with the advantage of hindsight is a comparatively straightforward task. The only time the notion of risk is used in court is when the court is testing to see if the precautions suggested by such experts (after the event) were reasonable in view of what was known at the time of the decision.

SFAIRP & ALARP (are not the same)

The diagram below describes the two approaches in a different way. 

The left hand side of the loop describes the legal approach which results in risk being eliminated or minimised so far as is reasonably practicable (SFAIRP) as described in the model WHS legislation.


The hazard based loop, shown on the right hand side (previous page), attempts to demonstrate that risk is as low as reasonably practicable or ALARP. But there are major difficulties with each step of this approach as noted in blue.

Firstly, hazard analysis and risk calculations are inherently unrepeatable.  Two independent risk experts assessing the same circumstances or situation never come up with the same answer (unless they use deliberately identical assumptions and processes in which case the assessment is not independent).  

Risk calculations and characterisations to enable a comparison with risk criteria are always imperfect especially with regard to human failings and management systems. Quoting Mark Tweeddale:

In the case of the process industry, most of the major disasters in recent years have resulted primarily from failures of management systems, which would not have been included in the quantitative assessment of risk, and not from random equipment failures such as are statistically assessable using data from data banks. This is a most serious limitation...

Secondly, risk criteria are subjective. The old adage should probably be extended to; there are lies, damned lies, statistics and then there are target risk criteria.  

Most risk criteria are based on statistical analyses. The traditional way to determine them is to consider mortality and injury statistics. But they are just that, statistics.  

The numbers change according to the exposed group selected. For example, the lightning strike death rate of around 1 in 10 million (for the whole population) is often selected as the lower limit to risk scrutiny for individual risk. However, if the mortality figures for the group of people who play golf during lightning storms are considered, it will be much higher.  Which number ought to be used? Further, the inconsistency in individual and societal risk criteria between states, especially Victoria and NSW dating from the mid-nineties is problematic. 

Thirdly, if the risk associated with a hazard is below the acceptable or tolerable threshold, there is a tendency to say that nothing further needs to be done, which is always problematic with low frequency, high severity events. 

The overall situation is perhaps best summarised by Chief Justice Gibbs of the High Court of Australia:

Where it is possible to guard against a foreseeable risk, which, though perhaps not great, nevertheless cannot be called remote or fanciful, by adopting a means, which involves little difficulty or expense, the failure to adopt such means will in general be negligent. 

That is, it does not matter how low the risk estimate is, if more can be done for very little effort, then the failure to do so will be negligent, in the event of an incident.

This leads to the fourth concern; that the temptation is to implement a precaution that reaches the target risk threshold without formally considering the hierarchy of controls. 

This shift from a hazard based risk assessment approach (which appears to be encouraged by the risk management standard ISO 31000) to the precautionary due diligence approach (encouraged by the common law and now the model WHS act), is summarised in the table below. 

Due Diligence based SFAIRP Hazard based ALARP
Precaution focused by testing all practicable precautions for reasonableness, that is, on the balance of the significance of the risk vs. the effort required to reduce it.   Hazard focused by comparison to acceptable or tolerable target levels of risk
Establish the context   Establish the context

Risk assessment (precaution based):

  • Identify credible, critical issues
  • Identify precautionary options
  • Risk-effort balance evaluation
  • Risk action (treatment)
  Risk assessment (hazard based):
  • (Hazard) risk identification
  • (Hazard) risk analysis
  • (Hazard) risk evaluation
  • Risk treatment
Criticality driven   Risk (likelihood and consequence) driven
Usual interpretation of WHS Act & common law.   Usual interpretation of AS/NZS ISO 31000

The difference between the two diagrams is the fading of many barriers on a Code Red day.

For example, on a Code Red day the extreme conditions make the likelihood of a fire start if an electrical fault occurs, higher. That is, the fault protection barrier is weaker.

Further, on Black Saturday the CFA (Country Fire Association, Victoria) and DSE (Department of Sustainability and Environment) were overwhelmed with calls and were unable to respond to every request for assistance, meaning the escalation control barrier was weaker than usual too.

A Paradigm Shift from Hazard to Precaution Based Risk Assessment

The point of the shift is to ensure that all reasonable practicable precautions are in place (that is, so that risks are eliminated or minimised so far as is reasonably practicable or SFAIRP), rather than to achieve an indefensible target level of risk or safety (like ALARP), which is a typical result of the hazard based approach.

The hazard based approach is all about inputs whilst the precaution based approach is all about outputs which is far more useful and productive. 

That is, not only are the requirements of the legislation met, it actually provides for superior safety outcomes more efficiently.

The hazard based approach seems to address its legal limitations with regard to mitigations by adding caveats, for example from the NSW Land Use Safety Planning Guidelines :

While it is useful to have objective, quantitative risk criteria, qualitative principles are equally important. These include:

  1. all ‘avoidable’ risks should be avoided;
  2. particular attention needs to be given to eliminating or reducing major hazards, irrespective of whether numerical criteria are met; and
  3. as far as possible, the consequences of significant events should be kept within facility boundaries.

The legal system (which requires a demonstration of due diligence following the left hand side of the diagram) does not have this problem.

As Andrew Hopkins notes: 

At law, employers must drive down risks as far as is reasonably practicable, and there is no level of risk which, a priori, can be said to be acceptable. Moreover, the law has a well-defined set of principles for determining whether risks are as low as reasonably practicable, and despite the indeterminacy of these principles, it is by no means clear that QRA and the tolerability / acceptability framework offers a better way of deciding how low is low enough. 

All this was not a legal issue whilst relevant statute law enabled the hazard based approach, as statute law always takes precedence over the common law.  However, once the legal concept of due diligence is called up by statute via the model WHS act the issue can no longer be side-stepped.

The point of the shift is to ensure that all reasonable practicable precautions are in place rather than to achieve an indefensible tolerable or acceptable level of risk or safety, which is a typical result of the hazard based approach. 

As Carveth Read put it in 1898:

It is better to be vaguely right than exactly wrong.

Key Questions for Businesses with implementation of WHS legislation

To ascertain if change is required in your business to comply with the WHS legislation, please refer to the information below.

Action in your businesses is required if:

  1. Your current OH&S system was established to comply with the Risk Management Standard ISO 31000, especially an earlier version such as AS/NZS 4360 – 2004.
  2. Internal Risk Managers have not briefed the Management team on the WHS changes and how they will affect your organisation.
  3. No-one in your organisation is the ‘go to’ person for the new legislation.
  4. No-one knows for sure if your current system complies with the WHS Act and there is a general consensus that ‘we will be compliant’ even though it has not been tested with legal counsel.
  5. Precautionary decision making is based on a target level of risk or safety and not the common law balance.
  6. As a responsible ‘officer’ in your business, if you have answered yes to any of these questions, then you need to conduct a review of safety in your business.

Safety is one of those non-negotiable bullet points on your job description.

Manager’s Responsibilities

The WHS Act requires that all responsible PCBU’s (persons conducting a business or undertaking) (excluding state and federal ministers) exercise due diligence by positively demonstrating a duty of care.  

What does this mean?  

This Act is specifically targeting corporate governance, that is Directors and Senior Managers.

Due diligence is all about precautions and when considering precautionary effort, the Act requires that organisations ensure that the highest level of protections… is reasonably practicable is in place.  Can you say for certain in your business that this is the case?

The Australian government has provided the following definition in “Guidance for Officers in Exercising Due Diligence” under the WHS act:

Due diligence – in the context of work health and safety – means taking every precaution that is reasonable in the circumstances to protect the health, safety and welfare of all workers and others who could be put at risk from work carried out as part of the business or undertaking. This includes work carried out overseas.

The Act makes it clear that a business must start with what can be done and only do less where it is reasonable to do so.  

That is, the Act specifically rejects the use of the commonly accepted notions of acceptable or tolerable risk criteria encouraged by most risk standards.

Penalties are criminal in nature and can provide for up to 5 years jail for responsible officers for recklessness (knew or made or let it happen). These responsibilities cannot be delegated, although as a statutory invocation, such charges must be proved beyond reasonable doubt.

Key Relevant Clauses from the Act

17 Management of risks 

A duty imposed on a person to ensure health and safety requires the person:

(a) to eliminate risks to health and safety, so far as is reasonably practicable; and

(b) if it is not reasonably practicable to eliminate risks to health and safety, to minimise those risks so far as is reasonably practicable.

18 What is reasonably practicable in ensuring health and safety 

In this Act, reasonably practicable, in relation to a duty to ensure health and safety, means that which is, or was at a particular time, reasonably able to be done in relation to ensuring health and safety, taking into account and weighing up all relevant matters including:

(a) the likelihood of the hazard or the risk concerned occurring; and

(b) the degree of harm that might result from the hazard or the risk; and

(c) what the person concerned knows, or ought reasonably to know, about:

 (i) the hazard or the risk; and

(ii) ways of eliminating or minimising the risk; and

(d) the availability and suitability of ways to eliminate or minimise the risk; and

(e) after assessing the extent of the risk and the available ways of eliminating or minimising the risk, the cost associated with available ways of eliminating or minimising the risk, including whether the cost is grossly disproportionate to the risk.

27 Duty of officers 

(1) If a person conducting a business or undertaking has a duty or obligation under this Act, an officer of the person conducting the business or undertaking must exercise due diligence to ensure that the person conducting the business or undertaking complies with that duty or obligation. 

(5) In this section, due diligence includes taking reasonable steps:

(a) to acquire and keep up-to-date knowledge of work health and safety matters; and

(b) to gain an understanding of the nature of the operations of the business or undertaking of the person conducting the business or undertaking and generally of the hazards and risks associated with those operations; and

(c) to ensure that the person conducting the business or undertaking has available for use, and uses, appropriate resources and processes to eliminate or minimise risks to health and safety from work carried out as part of the conduct of the business or undertaking; and

(d) to ensure that the person conducting the business or undertaking has appropriate processes for receiving and considering information regarding incidents, hazards and risks and responding in a timely way to that information; and

(e) to ensure that the person conducting the business or undertaking has, and implements, processes for complying with any duty or obligation of the person conducting the business or undertaking under this Act; and

(f) to verify the provision and use of the resources and processes referred to in paragraphs (c) to (e).

247 Officers 

(1) A person who makes, or participates in making, decisions that affect the whole, or a substantial part, of the business or undertaking of the Crown is taken to be an officer of the Crown for the purposes of this Act. 

(2) A Minister of a State or the Commonwealth is not in that capacity an officer for the purposes of this Act. 

252 Officer of public authority 

A person who makes, or participates in making, decisions that affect the whole, or a substantial part, of the business or undertaking of a public authority is taken to be an officer of the public authority for the purposes of this Act. 

Officer means:

(a) an officer within the meaning of section 9 of the Corporations Act 2001 of the Commonwealth other than a partner in a partnership; or 

(b) an officer of the Crown within the meaning of section 247; or 

(c) an officer of a public authority within the meaning of section 252, other than an elected member of a local authority acting in that capacity. 


Are all the relevant people in your organisation ready?

Why the Act Makes Good Business Sense

The law does not only require organisations and facilities to be safe and manage risk, it makes good business sense at a number of levels too. 

The Workforce 

The philosophy behind the WHS Act is consistent with the usual human response to death and injury. 

R2A has investigated a number of fatalities over the years. In part, this involves speaking with co-workers of the deceased. This is invariably an introspective process as the co-workers test to see if there is something that they could have done (and should have done) which would have saved their ‘mate’. 

The safety due diligence process enforced by the act addresses this since it requires a positive organisational demonstration that all practicable precautions are in place for all reasonably foreseeable hazards. What else could have been done? 

The CEO and Directors 

The due diligence process enables CEO’s and directors to sleep at night. It positively ensures that the decent safety thing is being done for all employees all the time in a way that is defensible in court, if required. 

Risk and Safety Managers 

The due diligence, precautionary process is outcome based and facilitates action. It is all about getting agreement as to want needs to be done to get on with the job. The hazard based approach encouraged by the risk management standard, is input based. This creates arguments, analysis paralysis and stifles action.

This means that applying the WHS Act will make risk and safety managers jobs simpler and more effective. 

It totally simplifies risk registers in a way which is explicable to the workforce. For example, can a precaution address multiple hazards and be justified? 

Organisational effectiveness 

Managing safety in a business is the right thing to do. It reduces downtime, protects workers, is good for internal communications, great for external PR and, if nothing else, provides your business with the solid notion that ‘we are a good corporate citizen’.

Demonstrating Safety Due Diligence

Most legal advice regarding the demonstration of due diligence as required by the model WHS legislation is focussed on a compliance audit to the relevant section and clauses. But this should be the outcome of the due diligence process, not the cause. 

That is, in order to be safe in reality, it is firstly necessary to manage the laws of nature. Confirming that this has been achieved to the satisfaction of the laws of man is a secondary exercise.

The ‘Y’ model was developed by R2A with the Gladstone Area Water Board in 2011, to specifically meet the requirements of the model Act. The process has been applied to many companies and authorities since, always to the satisfaction of relevant legal counsel.  

It has four primary steps to positively demonstrate due diligence: 

  1. A completeness argument to establish all credible critical hazards,
  2. Identification of all practicable precautions for each hazard,
  3. iii. Determination of the reasonableness of the practicable precautions, and
  4. Implementation of a safety QA system to ensure precautions are sustained into the future.

Identifying all Credible Critical Issues

The first step is to build an argument as to why all credible, critical issues have been identified. 

This can be done in a number of ways including the threat and vulnerability technique, which is derived from the military intelligence community. In essence this asks the question: What exposed groups are we trying to protect and to what credible threats are they exposed?  

This can be presented in a table which is a succinct way of describing all those to whom a duty of care is owed.

An exposed group can be vulnerable to a number of threats.  The identified vulnerabilities are examined for criticality (potential consequence) not risk (which includes likelihood.

Identifying all Practicable Precautions

The second step is where all available practicable precautions are to be established. This facilitates decisions as to which precautions are reasonably practicable in the circumstances. 

Threat-barrier (sometimes known as bow-tie) diagrams are one of the best ways to demonstrate this. 

The basis for the technique and its use as a defence to demonstrate due diligence in court is described in Section 14.3 Integrated presentation models.y

Legislation requires that risk control must be based upon the Hierarchy of Controls which is typically, in the order of most to least preferred:

  1. Elimination
  2. Substitution
  3. Engineering controls
  4. Administrative controls
  5. Personal Protective Equipment and Clothing (PPE)

Determining Reasonable Practicability

Due diligence is all about precautions. The precautionary (WHS) approach is outcome focussed by ensuring that all reasonable practicable precautions are in place, based on the balance of the significance of the risks vs. the effort required to reduce it, the High Court’s determined common law balance point. 

This is probably best represented by the diagram below, adapted from Sappideen and Stillman. Effort includes expense, difficulty and inconvenience and utility of conduct. 

Expense includes financial considerations, difficulty and inconvenience refers to the inconvenience of taking alleviating action and utility of conduct refers to the other aspects of conflicting responsibilities such action incurs.


The point here is that if the test of reasonably practicability is arguable at a common law balance (the 50:50 tipping point), then the likelihood of being successfully prosecuted on a beyond reasonable doubt basis (the level of proof required under the model WHS legislation) is very small, but this is a proposition that ought to be tested with the readers’ own legal counsel.

Barrier Implementation and Quality Assurance

Barriers (or combinations of barriers) that can be justified, on the balance of the significance of the risk vs the effort required to reduce it, can then be implemented. 

This decision can involve quantitative risk assessment on a relative risk basis.

Some form of quality assurance system also needs to be shown as being in place to ensure that the relevant precautions are sustained over time.  

SOPs (standard operating procedures) and work method statements contain the precautions in place to carry out various activities.  

Inspections, spot checks, toolbox meetings, consultation and audits etc ensure precautions and mitigations (barriers) are being sustained.

The results can be presented in a number of ways, particularly from the perspective of ensuring that the workers really test for relevant hazards and precautions rather than just completing paperwork to satisfy bureaucratic obligations. 

In particular, presentation systems that move away from the hazard based approach to risk assessment to the precaution based approach are important. The following table describes a reduced set of single line threat barrier diagrams for access to a telecommunications pit.

Such a table recognises that the hazards associated with accessing a telecommunications pit are well known as are the precautions available to mitigate them. 

So rather than asking workers to complete a hazard based risk assessment trying to establish all potential hazards ‘from scratch’, this list acts as an aide memoire. Which of these hazards exist, and are there any other hazards?


If any such hazard does exist then the solid green barriers (precautions) must be implemented. The dotted green barriers represent further potential precautions which may be implemented if reasonable in the circumstances. If having implemented all reasonable practicable precautions the task remains prohibitively dangerous, then the pit access should be aborted.


The introduction of the Work Health and Safety (WHS) Act has presented and continues to present extraordinary challenges to the way risk management is undertaken in Australia.

At R2A, we believe that the target level of risk approach encouraged by the Risk Management Standard amongst others fails the test of the model Work Health and Safety Act.

Our thinking is that organisations that use the target level of risk approach would be considered criminally ‘reckless’ under this legislation and subject to the full penalties of the Act, in the event of a death or injury arising from that organisation’s activities. The beyond reasonable doubt proof of recklessness would be available in the form of flawed estimates of rarity.

Being organised and compliant is non negotiable, at R2A we encourage you to take action sooner rather than later.

About R2A Due Diligence Engineers

Founded in 1996, R2A is a team of qualified and experienced engineers who deliver completely independent due diligence advice on critical risk issues. This ensures decisions are effective and meet safety and legal requirements.

R2A helps organisations across Australia and New Zealand resolve the risk and safety issues they can't afford to go wrong, and  communicate the solutions clearly throughout your organisation.

If you'd like to learn more about the due diligence methodology outlined in this White Paper

R2A runs regular two-day Engineering Due Diligence workshops in partnership with Engineers Education Australia, as well as tailored in-house briefings for organisations.

Or you can contact us direct to discuss your specific due diligence needs.

ABN 66 115 818 338
2020 Copyright R2A Due Diligence Engineers

You can find us on

GPO BOX 1477
phone-handsetmap-markercrosschevron-down linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram