Boards are responsible for the good governance of the organisation and risk management is an essential aspect of this.
Diligently balancing competing priorities with limited resources requires an organisational expression of risks and rewards in the value system of the board. In the business community this has often been expressed as risk appetite meaning that an outstanding outcome can justify taking greater chances to achieve success. In policy terms it means encouraging the organisation to select projects and programs with greater rewards for similar effort, and is to be applauded. This is a positive demonstration of business due diligence.
However, safety has a different perspective. Here often, the consequences of failure are so high that there is simply no appetite for it. Instead, provided the situation is not prohibitively dangerous, the requirement is for (safety) risk to be eliminated or reduced so far as is reasonably practicable, a matter which can be forensically tested in court1.
This is a positive demonstration of safety due diligence. Recognised good practice in the form of guidelines and standards is a starting point.
In statistical terms, due diligence is primarily about dealing with outliers and black swans (especially to third parties) that create potential showstoppers, rather than optimising the middle ground, which appears to be the position most risk management programs try to achieve. In our experience, most risk management programs involving risk appetite concepts are about optimising the most likely commercial corporate position rather than preventing catastrophes.
For technological business which mainly deal with downside risk, the term risk appetite seems inappropriate at least for safety aspects. A better term may be a risk tolerance statement or, keeping it generic across business and safety, a risk position statement.
A risk position statement is an articulation of the Board’s understanding of the key risk issues for the business and their understanding of the management and optimisation of these risks. It is almost a quality assurance document to ensure the Board can transparently demonstrate risk management governance to stakeholders including the community and government.
From a Board viewpoint, the safety risk position will not be driven by risk (consequence and likelihood) but rather criticality (consequences) and what can actually be done to eliminate or minimise the risk. For example, risk tolerances will vary depending on the precautionary options available for a particular issue and the resources available at the time to address the issue.
1 For example from Worksafe Australia interpreting the model WHS act (as viewed at): http://www.safeworkaustralia.gov.au/sites/SWA/about/Publications/Documents/607/Interpretive%20guideline%20-%20reasonably%20practicable.pdf 15 July 2013:
What is ‘reasonably practicable’ is an objective test
What is ‘reasonably practicable’ is determined objectively. This means that a duty-holder must meet the standard of behaviour expected of a reasonable person in the duty-holder’s position and who is required to comply with the same duty.
There are two elements to what is ‘reasonably practicable’. A duty-holder must first consider what can be done – that is, what is possible in the circumstances for ensuring health and safety. They must then consider whether it is reasonable, in the circumstances to do all that is possible.
This means that what can be done should be done unless it is reasonable in the circumstances for the duty-holder to do something less.
This approach is consistent with the objects of the WHS Act which include the aim of ensuring that workers and others are provided with the highest level of protection that is reasonably practicable.