Engineering Implications of the Harmonised Safety Legislation

Questions & Answers

Reader response regarding Richard's article - 'Engineering Implications of the Harmonised Safety Legislation'

This is a response that Richard received following the publication of an article in Engineering Media. Read the article here.

Hi Richard

Safety assurance is one of the 3 key elements of technical integrity (the other elements being fitness-for-service and environmental compliance), and as such risk assessments are a fundamental and important part of our engineering activities.

Your recent article in the January 2012 edition of the Engineers Australia magazine was a very interesting read, and has generated numerous discussions amongst my engineering colleagues. Thus, I am seeking some clarification on a number of statements made in your article, as follows:

Reader question –

Your article suggests that the 5 x 5 risk assessments matrix approach developed under the AS/NZS 4360 or AS/NZS ISO 31000 are fundamentally flawed under the due diligence requirements of the new harmonised safety legislation.

I have a difficulty in accepting this argument in the way that we currently conduct our risk assessments utilising the ISO 31000 standard and a tailored 5 x 5 risk matrix, as follows:

1. Hazards/risks are identified.
2. Qualitative (and sometimes quantitative) criteria for likelihood and consequences (for safety, performance and environment) are defined against which a risk level (untreated) is determined from a 5 x 5 matrix (i.e. low, medium, high, extreme). Qualified Objective Quality Evidence (OQE), rather than subjective opinion normally supports this assessment.
3. Subsequently, a risk mitigation activity is conducted in order to determine credible and precautionary risk mitigation strategies. The mitigation strategies are normally based on a Hierarchy of Controls (safety) approach to ensure that the level of effort (e.g. cost, schedule, resources, redesign, etc) is balanced and commensurate with the level of identified risk.
4. Thus, risk mitigation (or treatment) strategies are developed and proposed for implementation, and a subsequent residual (i.e. treated) level of risk is determined. Mitigations can include, for example; redesign, restrictions, additional training, warning/cautions in technical documentation/manuals, etc. In addition, these risk assessments are actively managed and reviewed.
5. The residual risk is then presented to the 'customer' (or executive authorities) for consideration for acceptance. Noting that the risk assessments we conduct are technical risk assessments, which are conducted by competent technical staff in consultation with relevant stakeholders (e.g. equipment users/operators, maintainers, trainers, etc).
6. Acceptance of the technical risks are then considered for acceptance by the relevant authority while balancing all other risks (e.g. operational, schedule, budget, etc).

Not sure I understand your arguments in the reference EA article, thus, seek your clarification as to how the above process which uses the 5 x 5 risk matrix based on AS/NZS ISO 31000 is considered flawed? Please clarify.

Richard response –

Originally the 5 x 5 matrix approach was derived from US and UK military standards in the 70s. At that time it appears to have been used as a reporting tool for military personnel to explain by exception the issues of concern in the value system of their decision makers. More recently, and especially by accounting and management firms, it has been used as a corporate risk decision criteria tool, especially in the sense that once the dot made it to the green area, no further risk reduction was required. This never satisfied the common law.

You sound like you are using it more in the original military sense. As a reporting tool, its use has always been fine.

Reader question –

By risk criteria, do you mean 'the acceptance of risk criteria'?

Richard response –

Yes. The notion of tolerable or target levels of risk.

Reader question –

Does acceptable risk criteria under the new laws actually mean 'so far as is reasonably practicable (SFARP)'?

If we can achieve SFARP, regardless of whether the residual risk is medium, high, etc, (i.e. provided the level of effort required to reduce the risk to SFARP is balanced and commensurate with the significance of the risk) then is due diligence not demonstrated?

Richard response –

SFARP may mean this. I'm not a lawyer. I avoid the term (and ALARP for that matter), as the final test will be in court, post event, judged to the common law duty of care. So I use the High Court's understanding of that duty and how this court expects it to be demonstrated.

Reader question –

Do you believe that the SFARP principle of common sense precautionary approach on risk reduction replaces the doctrine of risk tolerability (such as ALARP principle) or complements the efforts already accomplished in managing the risk of 'actual harm'?

Richard response –

Yes. The common law precautionary approach replaces the doctrine of tolerable or acceptable risk.

FYI - I have briefed the senior counsel for Defence in this whole matter (the OHS partner in Blake Dawson in Sydney) and he volunteered that the approach I mentioned in that article would demonstrate due diligence under the model act.