Boards and directors have a duty under workplace health and safety laws to ensure the company meets its WHS obligations (due diligence duty). TRAC Partners managing director Anthony Cribb MAICD suggests five practical ways to ensure effective critical risk management.
Boards should regularly review the adequacy of their due diligence duty framework. A key part of it requires officers to satisfy themselves that effective systems are in place to manage critical risks with the potential for workers to be killed. Officers now risk jail time for industrial manslaughter, and recent court decisions appear to expose directors to more personal liability risk.
1. Find the gaps
Officers of organisations known under WHS as “person conducting a business or undertaking” (PCBU) need to guarantee the effectiveness of the safety management system (SMS). First, analyse the system to find any gaps, then develop an improvement plan to address them. Set a timeframe to implement changes and monitor them.
2. Check your assurance framework
An effective framework must include a regular assurance review of the PCBU’s safety management system. Check “work as done” is in accordance with the SMS, which should state who is accountable. The board should regularly review the outcomes.
3. Ensure review recommendations are closed out on time
Capture any actions and recommendations to address findings from assurance reviews. Set dates for completing actions and recommendations, and report to the board about progress. The board must have oversight of ongoing actions and verify completed actions.
4. Effective critical risk management
Boards and CEOs should be satisfied there is an effective and appropriate system in place for the management of critical risks. They should be identified and their operation documented, communicated and implemented. Provide training on potential risks across the work environment. Boards should regularly assess the effectiveness of risk management controls.
Document all critical controls clearly so they can be understood by workers. Hard controls should be identified before relying on procedural controls. Boards should challenge management in circumstances where hard controls have not been adopted. Clearly assign accountabilities and responsibilities for each risk and control identified. Have an effective reporting framework to officers.
5. Measure effectiveness of critical risk management framework
Undertake regular assessments to check the critical risk management system is being followed. Establish performance measures and make sure they are reported to the board regularly.
Don’t rely on a tick-a-box mechanism. Find out what is not being done and focus on bridging the gaps with effective audits, field interactions and observations by senior management.
Use responsibility and accountability measures to ensure a follow-up procedure for any actions the audits raise. Monitor controls by reference to international standards or guidelines and best practice.
All risks and controls should be assessed at regular intervals. In addition, there should be a review immediately after any significant incident or prosecution, any improvement notice issued by a regulator, or any assurance check that identifies issues.
This article first appeared under the headline ‘Peak Performance’ in the April 2025 issue of Company Director magazine.