Due Diligence

Engineering: Ideas and Reality

Engineers play an integral role in bringing society’s wishes to fruition. As Engineers Australia’s monthly magazine create notes, we engineer ideas into reality.

However, when we go about taking ideas and making them real we have responsibilities. We are obliged to consider the ideas’ risks as well as benefits. We must ensure that our engineering activities meet our society’s expectations, and in particular that we address all our legal duties as engineers.

And so, even as we engineer new ideas into reality, we must also engineer the new reality we create into ideas – the ideas expressed in Australia’s laws.

Australia is an egalitarian society. Our judicial and political systems are predicated on the basis of equality for all before the law. This gives rise to a number of interesting ideals. For instance, one of our fundamental legal safety principles is that, for a known safety hazard, everyone is entitled to the same minimum level of protection. This arises from work health and safety legislation in all states and territories.

As another example of this, recognised good practice is a standard to which all engineers are held, in safety matters and otherwise. Engineering good practice is demonstrated in many ways, including standards and guidelines for design, operation, asset management and so on. It is also presented in regulations, which essentially present good practice that is so well recognised that the governments agree that it must be mandated. The National Construction Code is a prime example of this.

This reliance on recognised good practice means that, for instance, an engineering project manager who fails to implement recognised good practice measures to address the risk of project cost or timeline overrun would very likely expose his organisation to civil liabilities.

The simplest, cheapest and most effective way for engineers to address these and other legal requirements is to adopt systems and processes that demonstrate due diligence, that is, that all reasonable measures have been taken. This approach ensures engineering activities and engineering decisions are conducted in a manner consistent with legal requirements – that as we engineer ideas into reality, we also engineer reality to the right ideas.

To learn more about demonstrating due diligence as engineers, register for EEA’s Engineering Due Diligence workshop.


Witness Box Whiteboards?

Engineers tend to think problems through as visual concepts, particularly as a concept sketch or design. This is reflected by a lawyer-trained CEO of a water authority:

Now that you mention it, I have noticed that if I get between the whiteboard and my engineers they do tend to go mute.

That is, for an engineer a picture really is worth 1,000 words. Well, at least a picture with some numbers on it.

The courts, on the other hand, use words exclusively. It can be something of an art form to read a judgment to establish the key decision point. And when an engineer is in a witness box trying to explain a complex technological matter to two barristers and a judge (who have not done a science-based subject for many years), it is small wonder that uncertainty arises in the collective mind of the court.

To ensure the efficiency of the rule of law, it would be most desirable to include a whiteboard in the witness box when an engineer is on the stand.


EA College of Leadership & Management Event

In his capacity as Victorian Committee member, Tim Procter organised and MCed the recent winter seminar for Engineers Australia’s College of Leadership and Management.

Daniel van Oostenwijck (VicTrack) and Clive Domone (EY) spoke on The Mobile Office – Working Anywhere, providing insight to help leaders and managers achieve high performance when leading distributed teams. Daniel and Clive made many interesting points from their experience as both leaders and team members, prompting audience questions and discussions.

With around 30 attendees in person and another 90 registered to watch online, the seminar was well attended. The event was recorded as a video webinar for future viewing. The link to view the webinar is here: https://livestream.com/accounts/5690925/events/7597877 (The password is ‘Gradedge2017’; the webinar begins at the 16:00 minute mark.)


Scientific Management and the AER

Scientific management appeared as a formalised concept in 1910. In its idealised form it involved observing workers performing tasks, identifying potential efficiencies that could be gained in time or effort, and implementing changes.

This was followed, of course, by scientific management consultants invoicing businesses for these services.

This approach (including the invoicing) seems to have been first implemented by Frederick Winslow Taylor, an industrial engineer from Philadelphia. It was named in 1910 and subsequently popularised by Louis Brandeis, a Boston lawyer later made an Associate Justice of the US Supreme Court, Frank Gilbreth, a building contractor and superintendent, and his wife Lillian, who had a background (and eventually a doctorate) in psychology.

Taylor, Brandeis and the Gilbreths differed in their motivation and focus in this emerging field. Taylor had as his tool a stopwatch, focusing on potential time savings in tasks, often through greater exertion on behalf of manual labourers. The Gilbreths used a movie camera to study workers, classifying 17 ‘elementary’ units of movement they named ‘therbligs’ and identifying wasted time and motion.

Brandeis, on the other hand, did not practice scientific management himself. In his work as a lawyer, he came across the concepts of scientific management. He used these to successfully argue (among other things) that the basis of freight prices set by rail carriers was arbitrary and excessive, and that scientific management could demonstrate great potential gains in efficiency, and hence that carriers ought not to raise their prices.

Brandeis used consultants to identify these efficiencies through Taylor’s and the Gilbreths’ methods, with the aim of reducing the effort and complexity required for specific tasks. Through this, he came to believe that the ideas espoused by Taylor and the Gilbreths could be used to reduce costs, raise wages (especially for low-paid workers), and generally enhance workers’ standard of living.

Brandeis attempted to bring this approach to labour disputes, campaigning to unions on the benefits of scientific management. Unions, however, were skeptical, seeing (not without justification) a slippery slope to the commodification of workers as indistinguishable parametric units, rather than individual human partners in enterprise.

Regardless, the concept of scientific management spread quickly, resulting directly and indirectly in a wide range of today’s approaches to business and efficiency, including strategic management, large parts of MBA courses, human factors, and widespread organisational benchmarking.

Benchmarking is used in a wide range of contexts, including quantity estimation, business planning and management, industry regulation, and many others. It provides insight into expectations of time and cost, and helps identify outliers that may warrant further attention.

In view of the ‘natural’ monopoly nature of Australian electricity distribution networks, electricity network businesses are subject to economic regulation by the federal Australian Energy Regulator (AER) and safety regulation by state-based agencies, such as IPART in NSW, and Energy Safe Victoria (ESV). These regulators essentially attempt to balance the networks’ business interests against the interests of the community, both financial (such as reasonable electricity prices) and safety (such as the networks’ bushfire management actions).

The AER promotes this community financial interest through its authority to (attempt to) replicate the commercially beneficial effects of a ‘market’. One mechanism used in this process is limiting the prices distribution networks can charge for electricity supply. Similar to Brandeis’ assessment of freight prices set by rail carriers, these limits are in part based on the expected (benchmarked) cost of time, materials and labour for particular tasks.

There is no doubt that as electricity networks have been privatised, the AER’s approach has resulted in the maintained affordability of electricity, an essential service, to the Australian community. However, the separation of the financial and safety regulatory functions has resulted in some unintended consequences.

The AER’s determination of distribution networks’ electricity supply prices includes consideration of expected asset maintenance and replacement. This translates through the distribution networks’ operations to their field work scheduling. Field workers are allocated a certain number of asset tasks to be completed in a certain time frame. However, even with an allowance for some of the expected work, this drives the perceived responsibility of any shortfall of tasks or exceedance of timeframe to the field worker.

The practical result is that electrical workers in the field are driven to act on a benchmarked price/time unit rate and to ignore incipient safety issues (especially to third parties, the public) that should otherwise be reported and dealt with, in efficient economic terms, on the spot. In the hierarchy of day-to-day concerns, workers may become more focused on failing to complete each day’s scoped tasks than dealing with safety issues that arise. In terms of James Reason’s theory of risk culture, it encourages distribution networks in safety terms to move from generative to pathological. That is, workers are disincentivised from bringing safety problems to management’s attention.

This is a spectre of the issue the unions raised to Brandeis when he assured them that scientific management would increase their members’ lots in life. Great benefit may be gained from the quantification and benchmarking of organisations. But this must be done in the context of the people carrying out the tasks. If it is not, workplace culture (safety and otherwise) is corroded, and workers’ perception that management views them simply as numbers or automatons, rather than people, leads to a self-fulfilling prophecy.

This article first appeared on Sourceable.


Regulators Put Cost Before Safety

A recent New York Times article presents a view as to what brought about the Grenfell tower fire disaster. It’s depressing reading, as it is clear that combustible cladding of aluminium-sheathed polyethylene and the like was a well-known fire hazard.

Personal memory as a young fire protection engineer being trained by Factory Mutual in the US in the ‘70s recalls being exhorted to ensure robust attachment, managed flue spaces and endless sprinklers as industrial de rigueur.

The fire at the Lacrosse Building - 2004 (The Age)

Inferno at Grenfell Tower (AFP PHOTO/Natalie Oxford)

The most alarming aspect of the NYT article is the argument that, despite repeated warnings from competent parties, the regulators and politicians put the financial interests of the construction industry before safety. The article goes on to imply that had regulations banning this type of combustible cladding been in place (as is the case in many other countries), there is a significant chance that the Grenfell fire would not have occurred.

Whilst we suspect this to be true, the NYT argument, from R2A’s perspective, is flawed.

***

The UK Work Health and Safety at Work etc Act (1974), like the Victorian OHS Act (2004) and the model WHS Acts in Australia, calls up the legal principle of due diligence to a SFAIRP standard. That is, a known hazard should be eliminated, so far as is reasonably practicable, or if not eliminated, reduced so far as is reasonably practicable. The dangers of combustible external cladding in buildings are well known, as are the recognised good practice precautionary options available to manage them. Demonstrating due diligence that this has been achieved is morally sound and commercially obvious. It is also the law.

This suggests that the officers of the organisations responsible for the construction, approval and installation of the cladding all failed their duty of care. The question of whether or not specific regulations for combustible cladding were warranted is, in one sense, beside the point.

As we’ve previously stated, it is impossible to implement legislative prescription of specific safety measures for the essentially infinite ways in which people may be damaged. This is the reason for the qualifier ‘reasonable’ in overarching health and safety duties of care.

So then what is the purpose of health and safety regulations? Regulations are hindsight-driven legislation intended to mandate specific examples of recognised good practice. They often appear to arise from historical lessons. They set out minimum requirements that must be achieved under statutory law (as distinct from the less specific recognised good practice that is the minimum requirement under the common law). Regulations set a benchmark that must be achieved, but do not provide any guarantee that any overarching duty of care implied by a regulation’s superior Act is satisfied. And as the world changes, hindsight-driven regulations necessarily can't keep up.

Regulations, then, must be seen as an input to and check against any safety due diligence argument designed to address the overarching duty of care. They are neither starting point nor finishing line; they lie parallel to the safety due diligence process.

However, regulations and (even more commonly) standards called up by legislation are often seen as compliance targets. This appears to have a number of causes. One is the compliance culture that integrated with risk management a number of years ago. This had advantages, including a focus on consistency and documented decision-making processes. However, it can also lead to safety risks being addressed in a check-box fashion, and a lack of understanding that when dealing with potential future events, some personal judgement is always required.

A second cause appears to be the increasing level of detail in some regulations. When designing and building to the Building Code of Australia, for instance, there are literally hundreds of pages of requirements that must be understood and addressed. There are, we are sure, good reasons for each BCA requirement, but the minute detail given can impart a false sense of completeness when addressing safety issues. In our experience, compliance with the BCA is often seen as the goal, rather than a component of a safety due diligence argument.

And, as we’ve also previously noted, when one asks any engineer if simply complying with regulations will make something safe they invariably laugh. Mere compliance with regulations does not make anything ‘safe’ per se, although it can prevent certain responsible parties (those with a duty of care) from going to jail if bad things happen. This is most certainly not the intent of any health and safety legislation.

***

Regulations prohibiting combustible cladding of aluminium-sheathed polyethylene are now a significant possibility in a number of jurisdictions, including Australia and the UK. But such regulations will not ensure developers and builders satisfy their overarching duty of care, merely that there is another target to meet. A wider focus on safety due diligence is needed.

Investigations into these fires are still underway in London and Melbourne, with the Victorian Government appointing a taskforce led by architect and former premier Ted Baillieu. We will watch their outcomes with interest.


Gas Supplementary Issues Paper - Review of Victoria's Electricity and Gas Network Safety Framework

Submissions for the Gas Supplementary Issues Paper on the review of Victoria’s electricity network safety framework closed on Friday 16 June. Along with the following organisations, R2A welcomed the opportunity to respond to the independent review.

Our response focuses on the following particular aspects of the review:

  • The objectives of the safety framework in Victoria and an assessment of its effectiveness in achieving safety outcomes.
  • The extent to which the regulatory framework governing network safety ensures effective risk management by energy network businesses.

In particular, it addresses the reliance of the gas and major hazard industries on the traditional quantified risk assessment (QRA) and ALARP (as low as reasonably practicable) approach using target risk criteria (tolerable or acceptable), which has two primary difficulties:

  • Arguable non-compliance with the provisions of the Gas Safety Act (1997) and OHS Act (2004), and,
  • Disutility for land use (safety) planning that the QRA-ALARP-target-risk-criteria process facilitates.

Many of the points in R2A’s submission on the electricity networks also apply to the Victorian gas industry. Much of R2A’s submission on the electrical safety in Victoria is devoted to explaining why the legal presentation of SFAIRP (so far as is reasonably practicable) is not equivalent to ALARP (as low as reasonably practicable). This argument also applies to gas safety.

Such an observation always generates commentary to the effect that major organisations like Standards Australia, NOPSEMA and the UK Health & Safety Executive (UK HSE) (a much-quoted source) say that it is.

For example, WorkSafe Victoria’s information sheet [1] on land use planning near a major hazard facility states that operators of an MHF must reduce risk to the surrounding area so far as is reasonably practicable where it cannot be eliminated. However, it then goes on to say that WorkSafe believes it appropriate to present the extent of risk areas around a MHF as planning advisory areas:

  1. Inner planning advisory area – the individual risk of fatality from potential foreseeable incidents is greater than or equal to 1 × 10⁻⁷ per year (one chance in 10 million years).

These key points are expanded in the body of the submission together with a possible way forward. See the full response here.

[1] https://www.worksafe.vic.gov.au/resources/land-use-planning-near-major-hazard-facility for current advice for Major Hazards land use planning from Worksafe Victoria (viewed 14 June 2017).


Engineering Coming Into Focus

Doctor Iain McGilchrist will soon be in Australia to present to the 2017 Annual Conferences of Judges of the Federal and Supreme Courts of Australia. Dr McGilchrist is a psychiatrist and a former reader in English at Oxford University. Dr McGilchrist’s most recent book, The Master and His Emissary, has been discussed in an illustrated TED talk and is also the subject of an upcoming documentary.

The Master and His Emissary explores the evolution, interactions, workings and meanings of the human brain’s left and right hemispheres. In particular, he investigates and expands on the different roles the left and right hemispheres play in our interaction with, perception of, and understanding of the world.

One of the many interesting concepts discussed is the notion of the ‘gestalt’ in cognition and understanding. Comprehending the gestalt may be thought of as the appreciation of something as more than the sum of its parts – for example, the “ah-ha!” moment when meaning emerges from the image above.

Once the Dalmatian is perceived it becomes obvious, even though it is not ‘built’ from the component black blotches of the image. Appreciation of the gestalt is something for which the right hemisphere has a much greater facility than the left. It excels in understanding context and individuality.

The left hemisphere, in contrast, tends to work with logic and analysis, systems, models, representations, classing and sorting, and so on. It assembles component parts into a known whole, to move in a linear fashion from a starting point to a finishing point – whether or not this remains in the proper context.

Ultimately both of these approaches are needed for problem-solving. Unfortunately, in engineering, there is sometimes a tendency to treat analysis as the whole of the solution. This particularly presents problems when the analysis is seen as ‘true’ or ‘real’. Ultimately a model is literally a re-presentation of the world – a simplified system built in terms that (we believe) we understand. As the statistician George E. P. Box noted, “all models are wrong, but some are useful”.

However, it is very difficult, and sometimes impossible, to simultaneously appreciate a gestalt and its components. As soon as one focuses absolutely on one blotch in the picture above, the Dalmatian disappears.

R2A has found an effective approach to problem-solving is the following ‘V’ process. The example below is for a generic safety issue, but the approach may be adapted to any problem.


One key is the understanding that detailed analysis may or may not be needed. Each problem is individual and unique, and providing convincing solutions to different groups of stakeholders each facing the same problem will often require different levels of detail. Keeping this in mind during analysis, with an understanding of the high level problem context and solution goals, assists in delving only to the analytical depth necessary.

A second key is the recognition that this is not a linear process. It may take the form of an ascending spiral, continually reviewing and refining past ideas as it moves towards resolution. Or a solution may, as with the Dalmatian image above, simply emerge from the assembly of data, as a picture coming into focus.

Either way, retaining the context and individuality of each problem is paramount to developing good solutions – engineering’s ultimate aim.


Engineering Due Diligence Workshop

The learning method at the R2A-EEA public workshops follows a form of the Socratic ‘dialogue’. Typical risk issues and the reasons for their manifestation are articulated and exemplar solutions presented for consideration. The resulting discussion is found to be the best part for participants as they consider how such approaches might be used in their own organisation or projects.

Current risk issues of concern and exemplar solutions include:

  • Project schedule and cost overruns. This is much to do with the over-reliance on Monte Carlo simulations and the Risk Management Standard which logically and necessarily overlook potential project show-stoppers. A proven solution using military intelligence techniques will be provided. This has never failed in 20 years with projects up to $2.5b.
  • Inconsistencies between the Risk Management Standard and due diligence requirements in legislation, particularly the model WHS Act. A tested solution that integrates the two is presented, as is now being implemented by many major Australian and New Zealand organisations.
  • Compliance ≠ due diligence. Solutions to avoid over-reliance on legal compliance as an attempt to demonstrate due diligence are provided.
  • SFAIRP v ALARP debate. Model solutions presented (if relevant to participants) including marine and air pilotage, seaport and airport design (airspace and public safety zones), power distribution, roads, rail, tunnels and water supply.

Participants are also encouraged to raise issues of concern. To enable open discussion and explore possible solutions, the Chatham House Rule applies to participants’ remarks, meaning everyone is free to use the information received without revealing the identity or affiliation of the speaker.

Remaining dates for 2017 are:

  • Perth: 21 & 22 June
  • Brisbane: 23 & 24 August
  • Wellington: 5 & 6 September
  • Melbourne: 25 & 26 October


Review of Victoria's Electricity and Gas Network Safety Framework

On 19 January 2017, the Minister for Energy, Environment and Climate Change announced an independent review of Victoria’s Electricity Network Safety Framework, to be chaired by Dr Paul Grimes. On 5 May 2017, the Minister announced an expansion to the review’s terms of reference to include Victoria’s gas network safety framework.

It has been more than a decade since the current safety framework has been in place and it is timely to review the existing arrangements to ensure they adequately reflect the needs of the community in an increasingly complex environment.

The review will include extensive consultation with industry and the community to inform the development of a final report and recommendations.

Consistent with the expanded terms of reference, the Review of Victoria’s Electricity and Gas Network Safety Framework examines the safety framework applicable to the electricity and gas networks in Victoria and assesses its effectiveness in achieving desired safety outcomes. It will review the design and adequacy of the safety regulatory obligations, incentives and other arrangements governing the safety of Victoria’s electricity and gas networks.

The existing Secretariat established within the Department of Environment, Land, Water and Planning to support the independent reviewer, Dr Paul Grimes, has been additionally resourced.

Submissions for the Issues Paper on the review of Victoria’s electricity network safety framework closed on Friday 28 April. Along with the following organisations, R2A welcomed the opportunity to respond to the independent review.

Our response focuses on the following particular aspects of the review:

  • The objectives of the safety framework in Victoria and an assessment of its effectiveness in achieving safety outcomes.
  • The design and adequacy of the safety regulatory obligations (including safety cases and the Electricity Safety Management Scheme), incentives and other arrangements governing energy network businesses and any opportunities for improvement.

R2A’s overall perception is that electrical networks in Australia and New Zealand operate in an evolving and interesting regulatory space with overlapping financial, safety and security of supply issues. There is also a plethora of sometimes contradictory standards. Wending a path that simultaneously satisfies all of the competing issues is complex and fraught with methodological superstition. This undoubtedly creates substantial unnecessary expense and waste.

From the viewpoint of an effective safety framework, the key issues we believe are causing the greatest angst at the moment are as follows:

  1. Competition v Cooperation Policy. The mantra of competition policy is being considered in isolation from the rest of the competing requirements for the safe (and reliable) delivery of electrical energy. This includes both security of supply and safety generally, and especially in Victoria major bushfires started by the electricity network. For example, high reliability requires redundancy whereas commercial efficiency is typically achieved by running without headroom. The current manifestation of economic competition policy does not deal effectively with disaster scenarios (where cooperation is essential) especially for low likelihood, high consequence events, such as black or ash bushfire days which occur about once every 25 years in Victoria.
  2. Risk Management Standard v Occupational Health and Safety Legislation. The obligations of Victoria’s Occupational Health and Safety (OHS) legislation conflict with the Risk Management Standard (ISO31000) which most corporates and governments mandate. This is creating very serious confusion, particularly with the understanding of economic regulators. The risk management standard tries to manage ‘risk’ to ‘acceptable’ levels, whereas the 2004 Victorian OHS Act (and now model WHS legislation) ensures that everyone is entitled to the same minimum level of protection (but not necessarily the same level of risk).
  3. Network Standards with Internal Contradictions. Standards with internal contradictions like AS 5577:2013 – Electrical network safety management systems and the EG(0) Power System Earthing Guide create enormous tensions. Specifically, they advocate using target risk criteria such as ALARP, below which risks are deemed ‘tolerable’ and do not require further action, a position in conflict with the health and safety legislation passed by all Australian parliaments and decisions of the High Court of Australia.

These key points are expanded in the body of the submission together with a possible way forward. See the full response here.


Design Safety Decisions Don't Disappear

A recent civil case in New South Wales has highlighted the importance of diligent ‘safety in design’ decisions being made by architects and engineers.

The case in question involved a golf club patron falling into a sunken garden bed adjacent to a car park. The car park provided 90-degree car parking. A kerb separated the garden bed and the car park. The patron’s car was parked with its boot facing the kerb.

At the time of the fall, the patron had placed a large object into his car boot and stepped backwards from the kerb. However, what appeared to be a garden bed at the level of the car park was in fact a sunken garden bed some 800 millimetres below car park level, with foliage that had grown to the level of the car park.

As a result of the fall, the patron sustained injuries. He subsequently sued the golf club as owner and operator of the facility. He also sued the designer of the garden bed, a prominent architecture firm. Following appeals, the courts ruled in favour of the plaintiff, finding that both the golf club and the architecture firm had been negligent, with liability divided 75 per cent and 25 per cent respectively.

A key point in the finding against the architecture firm was that they, as designer of the landscape that included the garden bed, must have had knowledge of the types of plants in the location, and could have reasonably foreseen that these would grow to obscure the depth of the garden bed next to the car park. The court also found that the provision of a balustrade would have prevented the injuries sustained by the plaintiff, and that this could reasonably have been included in the garden bed design.

The safety influence of designers

Designers, including architects and engineers, have enormous influence over the safety of our designs. Our decisions determine how our designs may be constructed, operated, used, maintained, upgraded, decommissioned and disposed of. And with great power comes great responsibility.

Designers must meet many responsibilities with their designs, including function, cost, contract terms, time frames, constructability, operability, maintainability, environmental impact and safety. As we make design decisions we attempt to foresee the future, when our ideas become material reality and our design decisions are put into practice. Through this foresight we attempt to balance our many responsibilities. Arguably the foremost amongst these is safety.

And so as designers we stand at our point in time, trying to foresee all credible safety incidents that may occur on, in, around, and because of our designs, and to address them through our design decisions.

Unfortunately, despite our best efforts, this is an imperfect exercise. The best we can do is convince ourselves that we’ve not overlooked any critical safety issues, and that we have provided a design that includes all reasonable measures to address these critical issues. That is, no matter what happens in the future, we want to know (and demonstrate) that right here and now we are making diligent decisions, addressing safety and balancing all our other responsibilities.

In the end, although we use foresight, our decisions will be judged in hindsight. We need to consider how our decisions will be examined if (when) something goes wrong and someone gets hurt. In general this means that we need to show that during the design phase we had considered the potential for the incident (or had good reason to have missed it), and that all reasonably practicable design measures were included.

Designers developing good answers to these questions during the design phase is becoming more and more of a focus, not just for fear of litigation, but with the increased focus under the national Model Work Health and Safety legislation on the safety influence and responsibilities of organisations’ ‘officers’, which could very likely include engineers and architects.

The diligent design safety process

So how can designers do this? Firstly, we need to demonstrate why we are confident that all credible, critical issues are identified at the design stage. A good approach to this is a vulnerability assessment. It provides a formal, high-level argument that all critical safety risks to all exposed groups in all project phases have been identified. Patrons falling into the lowered garden bed during car park use would seem to be quite foreseeable.

From there, any obviously reasonable measures must be implemented to address the identified risks. Measures commonly implemented by designers in similar situations are a very good guide to this. It may involve applying a design standard or guideline, or standard industry measures. This recognised good practice is the minimum that must be in place. It may be in the form of a specific design, performance requirements, or a general approach to similar issues, but it must be implemented.

In this instance, provision of a physical barrier to prevent people falling into a lower area adjacent to a foot trafficked area may be considered recognised good practice. Or perhaps there is a general design principle that steps or drop-offs should not be located at the end of ninety-degree car parking. The importance of knowledge sharing among designers is obvious.

The crucial final step then involves considering any further potential measures that may be implemented in addition to recognised good practice. At this point the range of other designer responsibilities can be added to the balance. For any further potential measure, the benefit, in terms of risk reduction, can be balanced against the functional, financial, environmental, etc. implications to determine if the measure in question is justified.

For instance, signage warning of the lowered garden bed would have been a further potential measure. Selection of low-height mature plants for the garden bed to emphasise the lower ground level would also have been an option. The increased expense of signage or (for example) plant purchase and watering costs could then be balanced against the benefits provided by greater patron awareness of the drop-off.

This approach allows designers to take their diverse responsibilities into account while still ensuring good design safety decisions are made. It provides, through recognised good practice, a minimum level of protection against foreseeable risks for all exposed persons. It then provides financial efficiency by allowing designers to balance their other responsibilities against the benefits of any further options. And through this process, our design decisions can be carried forward into reality with the knowledge that we have exercised safety due diligence.

This article first appeared on Sourceable.

Swinburne – Introduction to Risk and Due Diligence

R2A’s unit Introduction to Risk and Due Diligence at Swinburne University is now a core unit for two postgraduate Master courses, the Master of Professional Engineering and the Master of Construction and Infrastructure Management. With 140 students enrolled in the course, delivery has become a real team effort.

The Master of Professional Engineering is designed to help students develop skills in professional management, communication, and research methods and principles in the engineering discipline. Students undertake research and project work and benefit from the industry focus of the program. Students participate in a professional industry project. This experience allows students to apply their knowledge and skills to industry problems. It also enhances students’ awareness of industry and provides valuable networking opportunities.

The Master of Construction and Infrastructure Management aims to prepare graduates for future roles in managing people, equipment, materials, technological processes and funds in the construction, management and maintenance of buildings and assets in the civil infrastructure. This aim is facilitated by the study of advanced management and engineering techniques in the fields of construction, building and maintenance.

Students gain significant knowledge and skills in procurement and project delivery, resource planning and management, project costing, health and safety, and risk management. They also learn about the environmental, financial, legal and contractual considerations associated with project-based industries.

To provide students with a broad understanding of risk management, including basic concepts and the suite of available techniques.

The key learning outcomes for the unit are to:

  1. Understand fundamental due diligence, risk and reliability concepts;
  2. Apply the safety, economic and legal drivers of risk management requirements;
  3. Comprehend different organisational risk paradigms and models;
  4. Recognise the liability and due diligence implications of risk managers, and how they relate to quantified risk management (QRA) techniques;
  5. Apply risk modelling and generative information gathering techniques;
  6. Apply the use of mathematics in risk and reliability analysis;
  7. Generate safety cases demonstrating due diligence and limiting legal liability; and
  8. Apply both top-down and bottom-up risk management techniques – and know when to use each.

Further information about the Master of Professional Engineering or the Master of Construction and Infrastructure Management can be found on the Swinburne website.

Powerline Bushfire Safety Committee

Gaye recently attended the second meeting of the Powerline Bushfire Safety Committee (PBSC) at Energy Safe Victoria (ESV).

As set out in the Committee Charter, the purpose of the PBSC is to provide the Director of Energy Safety (DoES) with comprehensive expert advice to support ESV in its administration of the Electricity Safety (Bushfire Mitigation) Amendment Regulations 2016 (the regulations) and any advice ESV may, in turn, provide government on further policy changes that may be required in the light of initial network experience implementing the regulations.

In addressing its purpose, the PBSC will have regard to the regulations, the regulatory impact statement (RIS) including the target fire risk reduction benefits set out herein, and the statement of reasons (SoR).

The objective of the PBSC is to provide transparent, independent oversight and advice to ESV in undertaking its regulatory responsibilities to hold the distribution business accountable for the delivery of the fire reduction benefits implicit in the regulations.

Gaye’s role is to provide risk management and best practice advice. All documents relating to the Committee’s activities can be found on the ESV website.

Legal vs Engineered Due Diligence

The rise of the model Work Health and Safety legislation, and the need for officers to demonstrate due diligence to ensure that their business has all reasonably practicable safety precautions in place, has been interpreted in different ways.

It’s not just a cynical exercise to cover your arse after the event (although that will be one outcome).

When conducting investigations into industrial fatalities, the deceased’s co-workers often self-assess to see if there is something that they personally could have done that might have saved their mate. If there was, they feel really, really bad. Conversely, if after due consideration, they conclude that they had done everything in their power to prevent such an occurrence, they feel relieved.

This is the natural human response. You can also see this occur with the response of parents to the death of a child on ‘P’ plates. The parents always think long and hard about whether they should have done more to train their daughter or son before they were allowed unsupervised on the roads. The Bushfire Royal Commission into the 173 deaths arising from the Black Saturday fire is a similar response, but at a community level.

The courts also serve this function, but at a societal level and in a very formal context. When considering cases dealing with health and safety impacts they ask, in effect, “Was there something else that ought to have been done that would have prevented this outcome?”

This is our society’s introspection, which helps us feel that justice is served, and that we learn from our mistakes.

Accepting this, how do we then demonstrate, before any event, to the satisfaction of our society, that we have done all we ought to, to ensure safety? In general, this will be by demonstrating due diligence in our safety decisions and action, as required by the model Work Health and Safety legislation. But how is due diligence defined?

Lawyers, when asked to describe the nature of due diligence, focus on compliance with legislation, regulations and relevant codes of practice, that is, the law. Engineers, when asked if compliance with acts, regulations and codes guarantees that anything is ‘safe’ in reality, reply “no, of course not. Don’t be silly”.

This means there is a substantial practical gap between ‘legal’ and ‘engineered’ due diligence. The reason is that it is not possible for the laws of man (in the form of regulations and compliance) to predict the future. Our legal system (the courts, Royal Commissions and the like) is hindsight driven, applying the underlying principles of moral philosophy like, “do unto others as you would have done to you.”

Due diligence engineering takes these moral principles as outlined by laws and court decisions taken in hindsight, and projects them to future human endeavour. This means that engineering due diligence is about the right thing to do, and not just covering your backside.

This article first appeared on Sourceable.

The Law and Engineering

The notion of engineering due diligence has expanded into Australian society, gradually displacing pure risk management as the ultimate aim of engineering decision-making. Numerous national and state-based laws have moved from mandating risk assessments to imposing specific duties to exercise due diligence, in health and safety, environmental protection and other areas.

However, some standards and other non-mandated guidelines, regardless of legislated and common law precaution-based (SFAIRP) requirements and judgments (the laws of man), still promulgate approaches requiring the ‘scientific’ (ALARP) measurement and comparison of risk. This is presumably done with the view that risk can be examined and dissected as part of the laws of nature. Engineering and legal practitioners find themselves caught between these competing paradigms.

An egalitarian society like Australia desires to ensure fairness amongst its citizens. One outcome of this view is that no one should be inequitably exposed to risk, and certainly not for the benefit of others. Being a free society, an individual can choose to be ‘riskier’, but this should be a matter of personal choice, not economic necessity.

Risk equity can be demonstrated in two key ways. One is a scientific exercise that sets and complies with a maximum level of risk to which any person may be exposed. This requires detailed modelling of potential event sequences and comparison to a predetermined maximum acceptable level of risk.

The second provides a minimum level of precaution (i.e. protection from risk) for all persons exposed to the undesired outcomes. This minimum level is generally demonstrated in recognised good practice, i.e. precautions considered reasonable by virtue of their implementation in similar situations.

Pre-event, both methods conceptually provide for equal risk outcomes. However, post-event, only the minimum precaution equity approach can be tested objectively – either the precaution was in place or it was not. The maximum risk level equity approach is problematic to justify on a number of levels.

The courts, reflecting Australia’s societal desire for fairness, established the precautionary approach in the common law duty of care. Post-event, the courts test whether all reasonable steps were taken to avoid damage to people. This long-established approach considers both precautionary risk equity and financial efficiency in determining what precautions, for any particular event, were reasonable.

Unlike the courts, engineers and lawyers don’t have the benefit of hindsight in determining what is reasonable. Decisions must be made, with business, safety, societal and environmental implications, to address any number of potential events. These often include complex issues with valid but irresolvable competing stakeholder points of view.

Due diligence engineering expands the courts’ ‘equal minimum level of precaution’ principle to a pre-event precaution-based decision-making philosophy incorporating the requirements of both science (the laws of nature) and society (the laws of man). This philosophy allows engineers and lawyers to together cut the Gordian knot that has developed around decision-making at the complex interface of physical and social infrastructure.

Everyone is Entitled to Protection – But not Always the Same Level of Risk

When it comes to dealing with a known safety hazard, everyone is entitled to the same minimum level of protection.

This is the equity argument. It arises from Australia’s work health and safety legislation. It seems elementary. It is elementary. It has also, with the best intentions, been pushed aside by engineers for many years.

The 1974 UK Health and Safety at Work Act introduced the concept of “so far as is reasonably practicable” (SFAIRP) as a qualifier for duties set out in the Act. These duties required employers (and others) to ensure the health, safety and welfare of persons at work.

The SFAIRP principle, as it is now known, drew on the common law test of ‘reasonableness’ used in determining claims of negligence with regard to safety. This test was (and continues to be) developed over a long period of time through case law. In essence, it asks what a reasonable person would have done to address the situation in question.

One key finding elucidating the test is the UK’s Donoghue v. Stevenson (1932), also known as ‘the snail in the bottle’ case, which looked at what ‘proximity’ meant when considering who could be adversely affected by one’s actions.

Another is the UK’s Edwards v. National Coal Board (1949), in which the factors in determining what is ‘reasonably practicable’ were found to include the significance of the risk, and the time, difficulty and expense of potential precautions to address it.

These and other findings form a living, evolving understanding of what should be considered when determining the actions a reasonable person would take with regard to safety. They underpin the implementation of the SFAIRP principle in legislation.

And although in 1986 Australia and the UK formally severed all ties between their respective legislature and judiciary, both the High Court of Australia and Australia’s state and federal parliaments have retained and evolved the concepts of ‘reasonably practicable’ and SFAIRP in our unique context.

In determining what is ‘reasonable’ the Courts have the benefit of hindsight. The facts are present (though their meaning may be argued). Legislation, on the other hand, looks forward. It sets out what must be done, which if it is not done, will be considered an offence.

Legislating (i.e. laying down rules for the future) with regard to safety is difficult in this respect. The ways in which people can be damaged are essentially infinite. That people should try not to damage each other is universally accepted, but how could a universal moral principle against an infinite set of potential events be addressed in legislation?

Obviously not through prescription of specific safety measures (although this has been attempted in severely constrained contexts, for instance, specific tasks in particular industries). And given the complex and coincident factors involved in many safety incidents, how could responsibility for preventing this damage be assigned?

The most appropriate way to address this in legislation has been found, in different places and at different times, to be to invoke the test of reasonableness. That is, to qualify legislated duties for people to not damage each other with “so far as is reasonably practicable.”

This use of the SFAIRP principle in health and safety legislation, as far as it goes, has been successful. It has provided a clear and objective test, based on a long and evolving history of case law, for the judiciary to determine, after an event, if someone did what they reasonably ought to have done before the event to avoid the subsequent damage suffered by someone else. With the benefit of hindsight the Courts enjoy, this is generally fairly straightforward.

However, determining what is reasonable without this benefit - prior to an event - is more difficult. How should a person determine what is reasonable to address the (essentially infinite) ways in which their actions may damage others? And how could this be demonstrated to a court after an event?

Engineers, as a group, constantly make decisions affecting people’s safety. We do this in design, construction, operation, maintenance, and emergency situations. This significant responsibility is well understood, and safety considerations are paramount in any engineering activity. We want to make sure our engineering activities are safe. We want to make sure nothing goes wrong. And, if it does, we want to be able to explain ourselves. In short, we want to do it right. And if it goes wrong, we want to have an argument as to why we did all that was reasonable.

Some key elements of a defensible argument for reasonableness quickly present themselves. Such an argument should be systematic, not haphazard. It should, as far as possible, be objective. And through these considerations it should demonstrate equity, in that people are not unreasonably exposed to potential damage, or risk.

Engineers, being engineers, looked at these elements and thought: maths.

In 1988 the UK Health and Safety Executive (HSE) were at the forefront of this thinking. In the report of an extensive public inquiry into the proposed construction of the Sizewell B nuclear power plant the inquiry’s author, Sir Frank Layfield, made the recommendation that the HSE, as the UK’s statutory health and safety body, “should formulate and publish guidance on the tolerable levels of individual and social risk to workers and the public from nuclear power stations.”

This was a new approach to demonstrating equity with regards to exposure to risk. The HSE, in their 1988 study The Tolerability of Risk from Nuclear Power Stations, explored the concept. This review looked at what equity of risk exposure meant, how it might be demonstrated, and, critically, how mathematical approaches could be used for this. It introduced the premise that everyone in (UK) society was constantly exposed to a ‘background’ level of risk which they were, if not comfortable with, at least willing to tolerate. This background risk was the accumulation of many varied sources, such as driving, work activities, house fires, lightning, and so on.

The HSE put forward the view that, firstly, there is a level of risk exposure individuals and society consider intolerable. Secondly, the HSE posited that there is a level of risk exposure that individuals and society consider broadly acceptable. Between these two limits, the HSE suggested that individuals and society would tolerate risk exposure, but would prefer for it to be lowered.

After identifying probabilities of fatality for a range of potential incidents, the HSE suggested boundaries between these ‘intolerable’, ‘tolerable’ and ‘broadly acceptable’ zones, the upper being risk of fatality of one in 10,000, and the lower being risk of fatality of one in 1,000,000.

The process of considering risk exposure and attempting to bring it within the tolerable or broadly acceptable zones was defined as reducing risk “as low as reasonably practicable,” or ALARP. This could be demonstrated through assessments of risk that showed that the numerical probability and/or consequence (i.e. resultant fatalities) of adverse events were lower than one or both of these limits. If these limits were not met, measures should be put in place until they were. And thus reducing risk ALARP would be demonstrated.

The ALARP approach spread quickly, with many new maths- and physics-based techniques being developed to better understand the probabilistic chains of potential events that could lead to different safety impacts. Over the subsequent 25 years, it expanded outside the safety domain.

Standards were developed using the ALARP approach as a basis, notably Australian Standard 4360, the principles of which were eventually brought into the international risk management standard ISO 31000 in 2009. This advocated the use of risk tolerability criteria for qualitative (i.e. non-mathematical, non-quantitative) risk assessments.

And from there, the ALARP approach spread through corporate governance, and became essentially synonymous with risk assessment as a whole, at least in Australia and the UK. It was held up as the best way to demonstrate that, if a safety risk or other undesired event manifested, decisions made prior to the event were reasonable.

But all was not well.

Consider again the characteristics of a defensible argument. It should be systematic, objective and demonstrate equity, in that people are not unreasonably exposed to risk.

Engineers have, by adopting the ALARP approach, attempted to build these arguments using maths, on the premise that, firstly, there are objective acceptable and intolerable levels of risk, as demonstrated by individual and societal behaviour, and, secondly, risk exposure within specific contexts (e.g. a workplace) could be quantified to these criteria. There are problems with mathematical rigour, which introduce subjectivity when quantifying risk in this manner, but on the whole these are seen as a deficit in technique rather than philosophy, and are generally considered solvable given enough time and computing power.

However, there is another way of constructing a defensible argument following the characteristics above.

Rather than focusing on the level of risk, the precautionary approach emphasises the level of protection against risk. For safety risks it does this by looking firstly at what precautions are in place in similar scenarios. These ‘recognised good practice’ precautions are held to be reasonable due to their implementation in existing comparable situations. Good practice may also be identified through industry standards, guidelines, codes of practice and so on.

The precautionary approach then looks at other precautionary options and considers on one hand the significance of the risk against, on the other, the difficulty, expense and utility of conduct required to implement and maintain each option. This is a type of cost-benefit assessment.

In practice, this means that if two parties with different resources face the same risk, they may be justified in implementing different precautions, but only if they have first implemented recognised good practice.

Critically, however, good practice is the ideas represented by these industry practices, standards, guidelines and so on, rather than the specific practices or the standards themselves. For example, implementing an inspection regime at a hazardous facility is unequivocally considered to be good practice. The frequency and level of detail required for inspection will vary depending on the facility and its particular context, but having no inspection regime at all is unacceptable.

The precautionary approach provides a formal, systematic, and objective safety decision-making alternative to the ALARP approach.

Equity with regard to safety can be judged in a number of ways. The ALARP approach considers equity of risk exposure. A second approach, generally used in legislation, addresses equity through eliminating exposure to specific hazards for particular groups of people, without regard to probability of occurrence. For example, dangerous goods transport is prohibited for most major Australian road tunnels regardless of how unlikely they may be to actually cause harm. In this manner, road tunnel users are provided equity in that none of them should be exposed to dangerous goods hazards in these tunnels.

The precautionary approach provides a third course. It examines equity inherent in the protection provided against particular hazards. It provides the three key characteristics in building a defensible argument for reasonableness.

It can be approached systematically, by first demonstrating identification and consideration of recognised good practice, and the decisions made for further options.

It is clearly objective, especially after an event; either the precautions were there or they were not.

And it considers equity in that for a known safety hazard, recognised good practice precautions are the absolute minimum that must be provided to protect all people exposed to the risk. Moving forward without good practice precautions in place is considered unacceptable, and would not provide equity to those exposed to the risk. While further precautions may be justified in particular situations, this will depend on the specific context, magnitude of the risk and the resources available.

Oddly enough, this is how the Courts view the world.

The Courts have trouble understanding the ALARP approach, especially in a safety context. From their point of view, once an issue is in front of them something has already gone wrong. Their role is then to objectively judge if a defendant’s (e.g. an engineer’s) decisions leading up to the event were reasonable.

Risk, in terms of likelihood and consequence, is no longer relevant; after an event the likelihood is certain, and the consequences have occurred. The Courts’ approach, in a very real sense, involves just two questions:

  1. Was it reasonable to think this event could happen (and if not, why not)?
  2. Was there anything else reasonable that ought to have been in place that would have prevented these consequences?

The ALARP approach is predicated on the objective assessment of risk prior to an event. However, after an event, the calculated probability of risk is very obviously called into question. This is especially so as the Courts tend to see low-likelihood high-consequence events.

If, using the ALARP approach, a safety risk was determined to have less than a one in 1,000,000 (i.e. ‘broadly acceptable’) likelihood of occurring, and then occurred shortly afterwards, serious doubt would be cast on the accuracy of the likelihood assessment.

But, more importantly, the Courts don’t take the level of risk into account in this way. It is simply not relevant to them. If a risk is assessed as ‘tolerable’ or ‘broadly acceptable’ the answer to the Courts’ first question above is obviously ‘yes’. The Courts’ second question then looks not at the level of risk in isolation, but at whether further reasonable precautions were available before the event.

‘Reasonable’ in an Australian legal safety context follows the 1949 UK Edwards v. National Coal Board definition and was refined by the High Court of Australia in Wyong Shire Council v. Shirt (1980). It requires that, when deciding on what to do about a safety risk, one must consider the options available and their reasonableness, not the level of risk in isolation. This is the requirement of the SFAIRP principle.

This firstly requires an understanding of whether options are reasonable by virtue of being recognised good practice. The reasonableness of further options can then be judged by considering the benefit (i.e. risk reduction) they could provide, as well as the costs required to implement them. Options judged as unreasonable on this basis may be rejected. It is only in this calculus that the level of risk (considered first in the ALARP approach) is considered by the Courts.

The ALARP approach does not meet this requirement. If a risk is determined to be ‘broadly acceptable’ then, by definition, risk equity is achieved, and no further precautions are required. But this may not satisfy the Courts’ requirement for equity of minimum protection from risk through recognised good practice precautions. It may also result in further reasonable options being dismissed.

The precautionary approach, on the other hand, specifically addresses the way in which the Courts determine if reasonable steps were taken, in a systematic, objective and equity-based manner. From a societal point of view, the Courts are our conscience. Making safety decisions consistent with how our Courts examine them would seem to be a responsible approach to engineering.

The ALARP approach was a good idea that didn’t work. With the best intentions, it was developed to its logical conclusions and was subsequently found to not meet society’s requirements as set forward by the Courts.

The precautionary approach’s recent prominence has been driven by the adoption of the SFAIRP principle in the National Model Work Health and Safety Act, now adopted in most Australian jurisdictions, followed by similar changes through the Rail Safety National Law, the upcoming Heavy Vehicle National Law and others. And as the common law principle of reasonableness finds its way into more legislation, the need for an appropriate safety decision-making approach becomes paramount. It is an old idea made new, and it works. It provides equity.

Is there any good reason to not implement it?

This article first appeared on Sourceable.

Engineering’s Golden Rule

The Golden Rule, or the rule of reciprocity, states that one should treat others as one would wish to be treated. It is an astonishingly widespread maxim, appearing in some form in virtually every major religion and belief system.

As a result, the Golden Rule permeates Australian society, in our courts and parliaments, and our laws and judgments. It is an integral and inalienable part of our social infrastructure.

Cambridge professor David Howarth’s recent book, Law as Engineering: Thinking About What Lawyers Do, considers some of the implications of this. Howarth’s thesis is that most UK lawyers do not argue in court. Rather, on behalf of their clients, they design and implement, through contracts, laws, deeds, wills, treaties and so forth, small changes to the prevailing social infrastructure.

Australian law practice seems to follow a similar pattern, and this is a good and useful thing; without these ongoing small changes to social infrastructure there would be large scale confusion, massive imposition on the court system, and general, often escalating, grumpiness.

Engineering serves a similar function. Engineers, on behalf of their clients, design structures and systems that change the material infrastructure of society.

This is also a good and useful thing. And, with the history of and potential for significant safety impacts resulting from these physical changes, engineers have over time developed formal design methods to ensure safe outcomes.

These methods consider not only the design at hand, but also the wider physical context into which the design will fit. This includes multi-discipline design processes, integrating civil, electrical, mechanical, chemical (and so on) engineering. It also includes consideration of what already exists, and the interfaces that will arise. Road developments will consider their impact on the wider network, as well as nearby rail lines, bike paths, amenities, businesses, residences, utilities, the environment, and so on.

Howarth’s book considers this approach to design in the framework of changing social infrastructure. He argues that lawyers, in changing the social infrastructure, ought to consider how these changes may interact with the wider social context to avoid unintended consequences. As an example, he examines the 2009 global financial crisis in which, he argues, many small changes to the social infrastructure resulted in catastrophic negative global impacts.

Following formal design processes could have, if not prevented this situation occurring, perhaps at least provided some insight into the potential for its development. But the question arises: how should negative impacts on social infrastructure be identified? In contrast to engineering changes to material infrastructure, social infrastructure changes tend not to have immediate or obvious environmental or health and safety impacts.

One option that presents itself is also apparent in good engineering design. Engineers follow the Golden Rule. It is completely embedded in engineering practice, and is supported and reinforced by legislation and judgements. Engineers design to avoid damaging people in a physical sense. Subsequent considerations include environmental harm, economic harm, and so on.

A key aspect of this is consideration of who may be affected by infrastructure changes. Proximity is critical here, as well as any voluntary assumption of risk. That is, potential impacts should be considered for all those who may be negatively affected, and who have not elected to put themselves in that position. This is particularly important when others (such as an engineer’s or lawyer’s client) prosper because of such developments.

A recent example involving material infrastructure is the Lacrosse tower fire in Melbourne. In this case, a cigarette on a balcony ignited the building’s cladding, with the fire spreading to cladding on 11 floors in a matter of minutes. The cladding was subsequently found to not meet relevant standards, and to be cheaper than compliant cladding.

In this case, it appears a design decision was made to use the substandard cladding, presumably with the lower cost as a factor. Although it is certain that the resulting fire scenario was not anticipated as part of this decision, the question remains as to how the use of substandard materials was justified, given the increased safety risk to residents. One wonders if the developers would have made the same choice if they were building accommodation for themselves.

In a social infrastructure context, an analogy may be that of sub-prime mortgages being packaged and securitized in the United States, allowing lenders to process home loans without concern for their likelihood of repayment. In this scenario, more consideration perhaps ought to have been given by the lawyers (and their clients) drafting these contracts as to, firstly, how they would interact with the wider context, and, secondly, whether the financial risks presented to the wider community as a result were appropriate. In many respects the potential profits are irrelevant, as they are not shared by those bearing the majority of the risk.

The complexities here are manifest. Commercial confidentiality will certainly play a role. No single rule could serve to guide choices when changing social or material infrastructure, and unforeseen, unintended consequences will always arise. But, when considering the ramifications of a decision, a good start might be: how would I feel if this happened to me?

This article first appeared on Sourceable.


2016 The Year in Review

2016 is almost over, and a new year is fast approaching. R2A has had a great year. Below are some highlights we would like to share with you.

In early 2016 we launched the 2016 update of the R2A text, Engineering Due Diligence, at our annual function. This included Richard’s discussion of one of the first prosecutions of an officer of a company under the newly implemented Work Health and Safety legislation.

Shortly after this R2A took on a new business partner, Tim Procter, who returned to R2A after a number of years working in engineering design and consulting. Tim also joined the Engineers Australia College of Leadership and Management Victorian Committee.

And, not to be outdone, in mid 2016 Gaye welcomed the arrival of her second daughter.

Richard, Gaye and Tim are now looking forward to R2A’s next event. On 7 February 2017 R2A and the Victorian Bar will welcome former British MP Professor David Howarth, Reader in Law at Cambridge University, to Engineers Australia’s Melbourne centre. David will discuss his recent book, Law as Engineering, and his thoughts on some interfaces between lawyers and engineers. This will be a larger event than we have previously held – registrations are available through Engineers Australia’s events website. We’re planning that this be the first in a series of seminars exploring this subject. We’d love to see you there.

Interesting Projects

  • Transurban: R2A completed a review of all fire safety systems for Transurban’s Australian tunnel portfolio, with a particular focus on what constitutes recognised good practice for aging assets.
  • Public Transport Victoria: R2A conducted project due diligence reviews for a number of PTV business cases involving trams, trains, buses, safety and accessibility projects.
  • IPART: R2A provided advice to IPART, the NSW electricity safety regulator, on the development of an audit framework for electricity network safety management systems. This was an extensive project that involved reconciling a number of concurrent pieces of legislation to ensure the framework was acceptable to all stakeholders.
  • Legal advisory services: R2A advised our clients and their legal counsel in a number of confidential projects relating to the implications of the new WHS legislation for their operations and management.
  • Department of Land, Water and Planning: R2A advised DELWP on the implications of the new WHS legislation when considered against the revised Australian National Committee on Large Dams (ANCOLD) guidelines.
  • Port of Melbourne Corporations: R2A are undertaking an asset safety due diligence review for a critical piece of Port infrastructure.

Gaye has also been appointed to the Energy Safe Victoria Powerline Bushfire Safety Committee, which will continue its work in 2017.

Conferences

Richard and Tim presented at a number of conferences and seminars in 2016, and are available for similar opportunities in 2017. Please get in touch if you have an event coming up.

  • Conference on Railway Excellence (CORE) 2016. Rail Tunnel Fire Safety System Design in a SFAIRP Context. Co-authored by Tim Procter and Lachlan Henderson of Metro Trains Melbourne.
  • Asset Management Council and Risk Engineering Society (Melbourne). Risk and Asset Management.
  • Dust Explosions Conference, 2016. Dust Explosions and the (Model) WHS Act.

Media

R2A were featured in a number of publications in 2016. The Sourceable articles in particular (listed here chronologically) show our evolving thinking on the implications of the precautionary approach in engineering decision-making and the wider society. This culminated in our final article for the year, which presents our view of the history and philosophy of the ISO/AS31000 (hazard-based) and WHS/common law (precaution-based) approaches to risk management, and the conflicts that have arisen between them.

Tim also had a paper published in the 2016 edition of the peer reviewed Australian Journal of Multi-Disciplinary Engineering: Due diligence in the operation and maintenance of heritage assets.

Education

Throughout 2016 Richard delivered public and in-house courses on Engineering Due Diligence to a wide range of attendees.

Richard also continued to present the Swinburne University post-graduate unit Introduction to Risk & Due Diligence. In 2016 this was made a core unit for all engineering post-graduate degrees. Gaye, Tim and R2A associates presented guest lectures during the semester. With this increased enrolment Tim and Gaye will be joining Richard as regular lecturers in 2017.

The 2-day joint R2A/EEA Engineering Due Diligence workshop was again successful this year and will continue in 2017. This workshop is aimed at aspiring directors and senior managers.


Problems and Solutions: The Power of Perspective

Imagine you have a great idea. Perhaps it’s for a start-up venture. Perhaps it’s a new, better way of doing something at your workplace. Perhaps it’s changing the way your business has always done something. Perhaps it’s a substantial capital works project.

Each of these will require a business case to convince stakeholders that your idea is, in fact, great, and ought to be implemented. Key aspects considered and explained should include:

  • what the good idea is
  • how it fits into the current market or organisation
  • the benefits it will bring
  • the upfront and ongoing costs that it will entail
  • the risks the proposed course of action will carry
  • what will be done to address these risks

These points can be separated into the three elements of any good business case: the ‘what’, the cost-benefit analysis, and the risk management strategy. The effort and detail required to prepare a convincing business case will vary depending on the idea, but it is unlikely to gain stakeholder acceptance without these three key elements.

The ‘what’ and the cost-benefit analysis are generally well understood. However, business case risk management strategies are often difficult to interpret for readers. When you consider that those reading a business case will likely be those deciding if your (great) idea is accepted, the benefit of a clear and concise risk management strategy becomes obvious.

So, what does a clear and concise risk management strategy involve? How can one best be prepared and presented? And how can it be made convincing as part of a business case?

Perspectives

The essence of a convincing risk management strategy is emphatically not a statement of “here are the risks, and here is what we will do about them so we don’t think they will happen.”

This is, essentially, a list of problems. When deciding on a new course of action as a start-up, a small business or a large organisation, a list of problems in a business case will not give decision-makers confidence.

This is especially the case if, as proposed by AS31000 (the Australian Standard for risk management), the goal of the risk management strategy is to ensure risks are ‘tolerable’, which generally means they are unlikely to occur. This argument to unlikelihood is particularly unconvincing if a decision-maker asks “I accept that this risk is unlikely, but what if it happens?”

A clearer and more convincing approach is to present a case that states “here are the critical issues, here is why we don’t believe any have been overlooked, and here is why we believe all reasonable measures are in place to address them.”

This takes a solution-based (rather than hazard-based) approach. A hazard-based approach typically identifies many specific problems and puts them in a list, before thinking of things to do about them. Its perspective is “here’s what could go wrong with my great idea, and here’s why I don’t think it will.”

The hazard-based approach tends to focus on problems and their complexity, going into detailed, oft-impenetrable risk analysis, making it difficult for senior decision-makers to fully comprehend due to the specialist skill-sets required. Problems are often taken out of context for the organisation, and measures identified for each problem tend to be specific to each problem and as such hard to justify. It creates analysis paralysis.

A solution-based approach, by contrast, begins by looking at what measures are in place in similar situations, and what further measures might be needed for this specific context. It is actually an options analysis and provides the case for action. Its perspective is “here’s what we should have in place to be confident going ahead with my great idea.”

This shift from problems to solutions is key to presenting a convincing business case. It pushes the focus to the way forward, and takes an overarching, holistic viewpoint, making recommendations clearly explicable to senior decision-makers. It ensures the organisation’s context is always considered, and identifies a smaller number of solutions that address multiple potential issues, with a focus on implementing recognised good practice rather than presenting unnecessarily detailed analysis.

Where needed, this approach can still generate the level of detail required for budget contingency estimation (e.g. through Monte Carlo simulation). However, it ensures that this detail remains contextually sound, and is only provided where beneficial to decision-making.

This approach is also simpler, faster, more efficient, often cheaper, and certainly more defensible if something does go wrong. It provides an argument as to why decisions are diligent, rather than why they are ‘right.’ In short, a solution-based approach provides a far superior decision basis to a hazard-based approach. And that’s something that any business case should aim for.

This article first appeared on Sourceable.


Precaution v Precaution

One of the more interesting philosophical issues to emerge in the early 21st century is the relationship, as determined by our courts, between the precautionary principle as implemented in environmental legislation, and the precautionary approach as articulated in the harmonised Work Health and Safety (WHS) legislation.

It is interesting because the intellectual source of these ideas appears entirely different, yet the judicial operationalisation of both approaches appears to align.

The environmental precautionary principle is generally recognised as coming from Germany’s democratic socialist movement in the 1930s and gained acceptance through the German Green movement in the '70s and '80s as a formal articulation of the German principle of vorsorge-prinzip, that is, quite literally, precaution-principle. In Australia, Parliaments adopted the formulation derived from the Rio convention in the '80s as expressed by the Intergovernmental Agreement on the Environment (1992) between the Commonwealth and the States. That is:

"Where there are threats of serious or irreversible environmental damage, lack of full scientific certainty should not be used as a reason for postponing measures to prevent environmental degradation.

In the application of the precautionary principle, public and private decisions should be guided by:

(i) careful evaluation to avoid, wherever practicable, serious or irreversible damage to the environment; and

(ii) an assessment of the risk-weighted consequences of various options."

The precautionary approach in the model WHS legislation appears to be derived as a defence against negligence in the common law. The common law (commencing in the 12th century with King Henry II) is now established from case law as modified progressively by the judiciary over the next 800 years and, in particular with regard to negligence, by the English law lord Lord Atkin in 1932. He favoured the adoption of a manifestation of the ethic of reciprocity or the golden rule of most major philosophies and religions, expressed in the Christian tradition, as: love your neighbour as yourself meaning do unto others as you would have done unto you.

In The precautionary principle, the coast and Temwood Holdings, published in the Environmental and Planning Law Journal 2014, Justice Stephen Estcourt summarises the attempts by the judiciary in Australia to operationalise the environmental precautionary principle over the last 20 years and describes the way various decisions depend on earlier decisions and the way in which aspects of possibly unrelated decisions can be ‘borrowed’ (for want of a better term) from other judgments. For example, he observes that Osborn J in Environment East Gippsland vs VicForests (2010) notes the Shirt calculus. Wyong Shire Council v Shirt (1980) considers the liability of the Council for a water skiing accident, which at first glance would not appear to have any obvious connection to an environmental forestry matter. The issue was a question as to on which side of a sign saying ‘deep water,’ the water was actually deep.

What the judges appear to be doing is extracting what are perceived relevant principles from other decisions. This has been conceptually noted by others. In their book Understanding the Model Work Health and Safety Act, Barry Sherriff and Michael Tooma quote a decision from the NSW Land and Environment Court to establish what due diligence means in the model Work Health and Safety legislation. Their point is that, whilst due diligence has been defined in the model WHS Act, the definition closely mirrors the current definition of due diligence in case law. That is, existing environmental case law may serve as a guide to this interpretation for WHS legislation.

From the perspective of due diligence engineers trying to reverse engineer the decisions of the Courts, all this is actually quite refreshing. Deconstructing the precautionary principle back to established common law protocols to establish due diligence facilitates a robust pre-event alignment of the laws of nature with the laws of man.

This article first appeared on Sourceable.


Unknown Knowns: The Perils of Blind Spots

When demonstrating due diligence, it’s not just what you know and who you know, it’s what you don’t know that you know.

Donald Rumsfeld’s infamous 2002 quote provoked much discussion: “…as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know…there are also unknown unknowns – the ones we don't know we don't know. It is the latter category that tend to be the difficult ones.”

Rumsfeld’s comment emphasised the importance of unforeseen (and possibly unforeseeable) risks. However, he did not speak about a potential fourth category, the ‘unknown knowns.’

T. E. Lawrence wrote of the ideal military organisation having “perfect 'intelligence,' so that we could plan in certainty.” In practice, this is essentially impossible. An executive’s difficulty in knowing what is happening throughout their organisation increases exponentially with the organisation’s size. This gives rise to many well-known and resented management frameworks, including risk and quality systems, communication protocols, timesheets, and so on.

A heuristic technique known as the Johari Window considers the intersection of a person’s state of knowledge with that of their surrounding community. Adapting this to an organisation’s executive’s point of view gives the following Rumsfeldian categories:

[Figure: Rumsfeldian Categories]

These ‘unknown knowns,’ or blind spots, may take a range of forms, including different solutions implemented in different departments for similar problems. At best this is inefficient, and at worst it may demonstrate that, in the case of something going badly wrong, the organisation had a different and clearly reasonable way to address the issue but failed to do so. In this way, recognised good practice may be known and understood within an organisation but not communicated to those who would fund its implementation. A situation may occur in which something goes wrong and good practice measures could have prevented it. This leaves organisations (and relevant managers) open to charges of negligence.

Blind spots may also manifest in the form of operations teams using workarounds to bypass inefficient or perceived low value systems imposed by management. These may arise from benevolent or benign intentions, but can also involve the deliberate flouting of rules or laws, as seen in the recurring ‘rogue financial trader’ scandals.

These scenarios occur again and again in large organisations, and regularly appear in high-profile crisis management media stories. A prominent recent case is Volkswagen’s 2015 diesel emissions controversy. Volkswagen’s CEO admitted that from 2009 to 2014 up to eleven million of its diesel cars (including 91,000 in Australia) had deliberate “defeat” software installed.

This software reduces engine emissions (and hence performance) when it detects the vehicle is undergoing regulatory emissions testing such as that conducted by the United States Environmental Protection Agency (EPA). During normal driving, the software increases vehicle performance (and emissions). This approach was used to have vehicles approved by US EPA regulators while still marketing the cars as high performance vehicles.

Following the admission, Volkswagen suspended sales of some models and stated that it had set aside 6.5 billion euros to deal with the issue and its fallout. The CEO resigned, and a new chair was elected to the supervisory board. Dozens of lawsuits have since been filed against the company, including a US$61 billion suit from the US Department of Justice.

One investigation into this matter noted sociologist Diane Vaughan’s investigation into the 1986 Challenger space shuttle disaster, citing her concept of “normalisation of deviance.” The investigation stated that, rather than explicit or implicit executive direction to game the emissions testing regime, “…it’s more likely that the scandal is the product of an engineering organisation that evolved its technologies in a way that subtly and stealthily, even organically, subverted the rules.”

This can occur through ongoing ‘tweaking’ by system engineers, with no single change considered enough to break ‘the rules’ but with the accumulation over time enough to go past approved limits. Workforce turnover obviously plays a role in this, with the gradually evolving status quo more likely to be accepted than challenged by each new employee. The Volkswagen board chairman’s statement that “we are talking here not about a one-off mistake but a chain of errors” supports this view, with the German investigation’s chief prosecutor subsequently stating that “no former or current board members” were under investigation.

In almost all of these scenarios, it is eventually found that someone, somewhere in the organisation, was aware of the issue and had misgivings about the organisation’s course of action. And when this knowledge becomes public, it often does serious damage to the organisation's reputation.

One approach to tease out these often complex and hidden views, decisions and knowledge is through the ‘generative interview’ technique. This is based on British psychologist James Reason’s classifications of organisational culture. These run on a spectrum from pathological, through bureaucratic, to generative. These classifications signify a range of organisational cultural characteristics. Three key indicators for executive blind spots are the organisation’s response to failure, its response to new ideas, and its attitude to issues within the organisation.

Pathological organisations punish failure (motivating employees to conceal it), actively discourage new ideas, and don’t want to know about issues. Bureaucratic organisations provide local fixes for failures, think that new ideas often present problems, and may find out about organisational issues if staff persist in speaking out. Generative organisations implement far-reaching reforms to address failures, welcome new ideas, and actively seek to find issues.

Generative interviews adopt a communication approach with characteristics of a generative organisational culture. They aim to gain the insight of ‘good players’ at a range of levels within an organisation. They are conducted in the spirit of enquiry rather than audit. That is, they are used to look for views, ideas and solutions rather than just for problems or non-conformances, but they listen carefully to issues raised. If an interesting idea or view is common to multiple levels of an organisation, this indicates that it should be further investigated.

When trying to demonstrate diligence in executive decision-making, this harnessing of knowledge at all levels of the organisation is critical. Without it, senior decision-makers may overlook well-known critical issues, and reasonable precautions may be missed. In a post-event investigation, it is difficult to demonstrate diligence if someone within the organisation knew about what could have gone wrong or how to prevent it but could not communicate this to those with the power to address it.

This approach is not a panacea for identifying issues faced by an organisation. However, it helps executives focus on, identify and address their organisational blind spots. In this manner it helps answer a key aspect of due diligence in decision-making: what are our unknown knowns?

This article first appeared on Sourceable.
