top of page

I am a safety lawyer, safety manager and a board member. How do I think about due diligence?

I have been criticised for many things based on my observations about health and safety management over the years. Being a lawyer, it is easy for people to criticise me for operating theoretically, and without regard for the practical, operational aspects of health and safety management. However, in response to those criticisms I have worked in various “high-hazard” occupations including oil and gas, agriculture, warehousing, manufacturing, working at the ports and the military. I have done risk assessments, audits, contractor assessments and I have worked under bureaucratic safety processes.

This conversation, however, is about due diligence.

Relevant to that I am safety lawyer, I work part-time as a safety manager and I am also a board member and separately, a board representative on a health and safety committee.

With this background, how do I think about due diligence?

First, I have to apologise because this discussion is underpinned to some extent by my current experiences in Western Australia. Western Australia has not “harmonised” its health and safety legislation, and there is a great deal of discussion about what the effect of the move from the existing legislation to harmonised legislation might be.

Some of my thoughts on this are set out below, which should create a conversation about both the move to harmonised legislation, as well as due diligence obligations under harmonised – or any other health and safety – legislation.


Section 55 of the Occupational Safety & Health Act 1984 (WA) (OSH Act) says that if a business is prosecuted for an offence, any “director, manager, secretary or other officer” of the business can be guilty of the same offence if it “occurred with the consent or connivance of, or was attributable to any neglect” on their part.

In October 2018, penalties for breaches of the OSH Act increased significantly.

Penalties for a breach of section 55 vary depending on the nature of the offence proven against the business. For example, an offence which causes death or serious injury has a maximum penalty, for a first offence, of $400,000 (for an individual). However, if the contravention amounts to “gross negligence” the maximum penalty for a first offence is $550,000 and imprisonment for 5 years.

Obviously, I have a personal, vested interest in these developments - I am a company officer.

While there have been many prosecutions of individuals as managers or company officers under the OSH Act and equivalent provisions in other jurisdictions it is difficult to assess the scope of the provisions. This is because nearly all prosecutions have been against small business owners, who are close to the day-to-day operations of the business and many actually involved in the work being performed at the time of the accident.

Based on the history of these types of proceedings, it is difficult to assess when or how they might be applied to executive officers, but honestly, I would not lose any sleep about the threat of an occupational safety and health prosecution. There is simply no historical precedent for prosecutions of board members independent of the working directors.


Western Australia is currently considering changes to occupational safety and legislation based on the national model adopted in most Australian jurisdictions in 2011 and 2012. The national model is referred to as Workplace Health and Safety (WHS) however the proposed changes under WHS do not materially change executive obligations.

WHS includes a positive obligation of due diligence on company officers.

The primary difference between the OSH Act and WHS in relation to company officers is procedural. Under the OSH Act, to prosecute an individual, the prosecution has to prove the corporate entity committed an offence first and then charge and convict the individual. Under WHS, the prosecution does not have to convict a corporate entity, and there does not have to be an offence by the corporate entity. Under WHS, a relevant individual (i.e. company officer - me) can be prosecuted for simply not meeting their obligations.

Like the OSH Act, the prosecutions against company officers under WHS have been against small business owners with day-to-day involvement in the relevant work. What this means for executives removed from day-to-day operations has not been tested.

Practical governance

While it is administratively easier to prosecute a company officer under WHS the substance of the obligations has not changed. In other words:

  • If the conduct of the officer amounted to a defence under the OSH Act, it would also amount to a defence under WHS and vice versa; and

  • If the conduct of the officer amounted to a breach of the OSH Act, it would also amount to a breach of WHS and vice versa.

The substantive obligation has not changed.

However, because of the history of these types of prosecutions, it is difficult to confirm how the obligations of executive managers not involved in the day-to-day management of the business, will be assessed by a court.

A recent example which gives some guidance is the Pike River Royal Commission (Royal Commission). The Royal Commission looked at safety management at the Pike River coal mine in New Zealand, following the deaths of 29 workers in an underground explosion in 2010. The Royal Commission made the following observation:

The statistical information provided to the board on health and safety comprised mainly personal injury rates and time lost through accidents. … The information gave the board some insight but was not much help in assessing the risks of a catastrophic event faced by high hazard industries. … The board appears to have received no information proving the effectiveness of crucial systems such as gas monitoring and ventilation. (Page 53)

Based on this observation, prosecutions under health and safety legislation and prosecutions of company officers in other areas (e.g. Corporations Law), we can extrapolate the following principles:

Executives must bring an independent and critical mind to health and safety and challenge the health and safety information they receive.

Executives must understand their obligations under health and safety legislation.

Executives must understand the critical health and safety risks in the business and the processes to control them.

Executives must receive, or seek out, information which gives them assurance about:

  • Whether, or the extent to which, the critical health and safety risks are being managed in accordance with the relevant processes; and

  • The extent to which the processes are effective to control the critical health and safety risks;

Traditional lead (i.e. measures of activity) and lag (i.e. injury rates) indicators do not provide the information executives need to discharge their obligations. I have never read a health and safety report which I would accept as a board member.

Executive need to take personal and proactive measures from time to time, such as:

  • Personal visits and inspections;

  • Commissioning independent audits; or

  • Commissioning independent reviews.

It is important to recognise that “critical risks” do not just include hazardous activities but should also consider overarching systems. For example, working at height is a hazardous activity, but one of the key controls for managing working at height is training and competence. However, training and competence is a broad “system” issue, which affects many hazardous activities – if an organisation does not have effective systems to ensure training and competence then it is likely many hazardous activities will be compromised.

Other critical “system” issues might include:

  • Risk assessment;

  • Management of change; or

  • Supervision.

It is important that executive management consider (or take advice on) the crucial systems relevant to their business and align executive governance to those crucial systems. In other words, executive management needs to pay close attention to the crucial systems.

An important component of executive governance is regular health and safety reports which include:

  • Information and updates about the status of the management of critical risks;

  • Analysis of incidents and hazards during the reporting period, including whether the incident or hazard has any relevance to or impact on critical risks; and

  • Information about upcoming changes, projects or workload which might impact on health and safety, and on critical risks.

This is how I sleep at night.


This article represents a general discussion about legal principles. It is not specific advice, and you should seek your own legal advice in relation to your specific circumstances.

622 views0 comments


bottom of page