The Safety of Work

Ep.76 What is Due Diligence?

Episode Summary

Greg Smith is both a safety lawyer and a safety professional. He graciously reached out to me after listening to our episode a couple of weeks ago on whether the capacity index is a good replacement for incident-count safety metrics, noting that when it came to due diligence, he felt that further elaboration on some of the topics we discussed might be a good idea. So of course I invited Greg to share his thoughts on today’s episode - which he kindly agreed to do.

Episode Notes

Greg makes it very clear how important it is to avoid oversimplifying the term “due diligence”. He shares how this mistake has, unfortunately, led to safety officers and businesses being held liable for incidents at their premises. Today’s conversation with Greg was incredibly insightful to me and he clarified all his examples with real-life examples.






“I find it fascinating the number of different disciplines, all landing at the same point at about the same time but without any reference to each other, I think it says something about the way that health and safety is managed at the moment.”- Greg Smith

“Due diligence creates a positive obligation on company officers in the same way that the reasonableness elements of WHS create positive obligations on employees.”- Greg Smith

“Injury rates from a legal perspective are not a measure of anything. They don’t demonstrate reasonably practicable, they do not demonstrate due diligence.” - Greg Smith

“ I am not an advocate of moving from complexity to simplicity. I think we need to be careful of that because a lot of what we do in safety is not simple and by making it simple, we’re actually hiding a lot of risk.”  - Greg Smit



Paper Safe Book - by Greg Smith

Forgeworks - Safety work vs Safety of Work

A capacity index to replace flawed incident-based metrics for worker safety

Episode Transcription

David: You're listening to The Safety of Work podcast, episode 76. Today, we're asking the question, what is due diligence? Let's get started. 

Hey, everybody. My name is David Provan, and today I'm joined by Greg Smith, who's both a safety lawyer and a safety professional, which makes him a very unique individual indeed. Welcome to The Safety of Work podcast. In each episode, we ask the important question in relation to the safety of work, or the work of safety, and we examine the evidence surrounding it. Before we go any further, Greg, welcome to the podcast. 

We've known each other for quite a while and I'm a big fan of your book, Paper Safe: The Triumph of Bureaucracy in Safety Management. I know many of our listeners would have read your book. How about you tell us a little bit about yourself and your background before we get stuck into due diligence?

Greg: Thanks, David. A pleasure to be here. I love the podcast. I love listening in and always learn a lot. I'm a lawyer. I've been a lawyer now for the best part of 30 years, but I've been in and out of the law as well. I started as a lawyer. I practiced for a while, then I went and joined the army for a while. I came back, practiced as a lawyer, went and worked as a safety advisor in an oil and gas company. I came back to the law, went out and worked as a general manager in safety and health in a mining services business, and came back to the law. 

That's where I'm now, practicing the law. I work three days a week for a big law firm and run my own business two days a week, which gives me a bit more flexibility to do some interesting things. That's my journey. I came into the safety court by accident, I started in industrial relations and employment, and just ended up getting involved in fatalities. The more I got involved in fatalities, the more I dove into learning about safety law, first of all, and then I thought, what sits behind safety? Why is this stuff not working? That led me to a journey to explore more about safety, I guess.

David: Great. Greg, Paper Safe has been a very popular book. I hear from a lot of my colleagues and connections that it seems to have really resonated with a lot of people. What was the motivation for you behind that book, particularly?

Greg: It just struck me. I have lost count of the number of fatalities I've been involved in, in safety investigations and all sorts of things. It just continued to strike me how large the disconnect was between all of the effort we put into producing safety-related material in workplaces, and how little that process was reflected in the way our work was actually done. 

There's two parts to it: that disconnect between our documented systems and what happens in practice, and the complete inability for me, as a lawyer, to be able to rely on my client’s documented safety management systems in legal proceedings. 

I often use this example, but I say to clients all the time, in 25 years, I've never been involved in an event or when I will pick up a JHA and go, oh, this is going to be helpful. Because it never is. It just never is and it's never the one-off JHA that isn't helpful. It's when you go and pull out the same JHA for the same work signed by the same supervisor for the last 12 months. They're all unhelpful, that you start to think, oh, we've got a problem here. 

It's not like it's a secret. There's examples in the book and the examples I use in my training where courts and tribunals have literally referred to the tick-and-flick process. Everybody in the workplace knows about their own systems. It's patently obvious to everybody who looks at it externally after an event. That was another [...] here.

David: That's right. I think it's an idea for the time because this is a 2018 book. I think Paper Safe is the same year that Drew Rae and I were writing this Safety Work versus the Safety of Work, which is a very similar thing, which is what's in the safety management system and how is work done, and what is it that creates safety.

Greg: I find it fascinating that the number of different disciplines, all landing at the same point at about the same time but without any reference to each other. I think it certainly does. It says something about the way that health and safety is managed at the moment. 

David: Great. Greg, in episode 74, two episodes ago, we asked the question, is a capacity index a good replacement for incident count safety metrics? That was based on a recently published paper by Michael Tooma and Professor Sidney Dekker. You reached out to me. I'm grateful that you reached out to me after and said, hey, look, the way that you are conceptualizing and talking about due diligence might not have been framing it in the most useful way for us, or maybe it was even wrong. 

What I said is like, yeah, look, all safety professionals are Bush lawyers and myself included. I thought it was a great opportunity to have you on the podcast to revisit the question that we'll ask today, which is, what is due diligence? Because it's really great to hear from a really, really experienced safety lawyer about what exactly due diligence is and what it isn't, and then how we can work our way through this episode to some practical advice for organisations, so happy for you. To start with, how do you talk about due diligence or maybe some of the things that we were talking about that didn't match that? How would you like to start sharing your expertise around due diligence?

Greg: There's a frustration for me around due diligence in a couple of ways. Safety does this a lot, like safety conversation, safety leadership. We take something, stick safety in front of it, and make it out like it's something different. We're doing that with due diligence by saying, here's all the stuff you need to do as a leader. By the way, over in this area called safety, there's this thing called due diligence, and there's not. 

If you're a company officer, and you've got obligations to exercise due diligence, there's not a new concept. You do that in terms of finance, strategic planning, appointment of CEOs, and business initiatives all the time. The idea of due diligence as a general context ought not be conflated with WHS legislation. 

At one point, I think one of the core elements, I should say, of due diligence in the WHS legislation is, what it is designed to do administratively? Prior to positive obligations of due diligence, company officers could only be prosecuted through a process known as an excess or a liability, which means I needed to prosecute and convict the company. If I convicted the company and could prove the same offense occurred with the company officers consent, connivance, or neglect, then I could prosecute that company officer. It was a bit of a muddled and difficult path to go down. 

Due diligence creates a positive obligation on company officers in the same way that the reasonable elements of WHS create positive obligations on employees. An employee has a positive obligation to take reasonable care for their own safety. For example, company officers now have a positive obligation to exercise due diligence to make sure the company is meeting its obligations. In that sense, it makes sense and simplifies a few things, and there's a few other issues around it. In broad terms, a good idea from that perspective, but not new, not novel, not exciting. 

The other thing that I think is even more problematic at the moment, is that a lot of people are selling due diligence—I'll call them products or due diligence concepts—based on a checklist, considering the sub paragraphs of Section 27, however many, there are 80 or whatever it is, and they say, due diligence means these six or seven things. That is just, in my view, really misconceived, really misleading, and really wrong. 

I've got some references and I'll flick them through so we can link them to the podcast. There's a case called George Hetherington, which is a 2019 New South Wales District Court decision. In that decision, the judge makes it very clear that the boundaries of due diligence are not closed, and what is included in due diligence is not limited to those seven sub paragraphs. We don't know what the extent of due diligence is yet. 

Certainly, all of those things in those seven paragraphs are important. They're relevant, they make sense, but it's not a checklist. You cannot go through and create a due diligence safe work method statement type mentality where you go through and tick, tick, tick. That's not how it works. 

In fact, the judge in that case referred back to a 1970-something for federal court decision called Universal Telecasters. The definition of Universal Telecasters when I talk about due diligence—and that wasn't a safety case, so due diligence is a universal obligation—it talked about ensuring that there were proper systems to manage the relevant risks and adequate supervision to know that those systems were implemented and effective. When we use supervision in this context (or the courts do), they're not talking about what supervisors do, which is the other misconception. Supervision is assurance, the whole organization understanding about whether the systems work.

Whenever I'm working with organizations and clients, this is the working definition, if you like, to what's reasonably practicable on what's due diligence, because you can't separate the two. When we're talking about these general duties, what we are talking about (and this is the same for both of them), reasonably practicable in a working definition sense means, do we have proper systems to manage the hazards in the business and meet our legislative requirements? And do we have adequate assurance to know that those systems are in place and are effective?

Now, of course, you run straight into the problem here, because proper and adequate are both subjective terms. This is then the risk management element, although it's the judgment call, it's the balancing exercise. Justice Mary Gordon, in the high court in [...], used the phrase of balancing the risk against the time, cost, and trouble of managing it. That's the judgment call that we're asked to make. 

Now there can be a lot of technical evidence and expertise that goes into that, depending on the risk, but basically, that's what we're saying. Do we have proper systems? Do we have adequate assurance to know that those systems are in place, and are effective? If you hark back to Paper Safe for a moment, one of the things we are very good at is building systems. One of the things we're very poor at is the level of assurance that those systems are in place and effective. 

I don't know the motivation that Michael and Sidney put into this capacity index. I know that they were critical of injury rates, for example, as a measure of safety, and they should be. Injury rates from a legal perspective are not a measure of anything. They don't demonstrate reasonably practicable, they do not demonstrate due diligence. You will not find a defense lawyer in the country who can stand up in front of a magistrate or district court judge and say, your honor, here's the evidence that my client had a safe system of work by virtue of the fact that their injury rate data is 4.2, which is 0.7 below industry standard or some such nonsense. 

We were talking about empty sheds a moment ago, about a case in Western Australia where a company director was sent to jail for eight months. The traditionalists listening in might be comforted to know that that organization's injury rate was zero. They hadn't had an incident and 20 years before someone died. It's not really a measure of anything. 

The capacity index was a search, one of many, to try and work out how we demonstrate in evidence these ideas of reasonably practicable. How does that relate to due diligence? Well, due diligence, the way that that links into that is the obligation on officers to understand if the organization has proper systems and to understand the extent to which they are implemented and effective. Part of that includes generally taking some proactive measures to understand that, whether that's site inspections or commissioning reports, or asking questions or whatever that might be. One of the challenges for the industry in that context is how do we provide that information to our executives because we can't do it with injury rate data.

David: It's a great introductory explanation, Greg. Thanks for that. Because we've got due diligence says it's written into legislation and then we've got a legal profession, if you'd like, that provides a first level interpretation of what that might look like in terms of what compliance with that might look like it, but then obviously, we don't know until we start testing these through court in terms of exactly how the courts are going to interpret these things, and then we build out our understanding of the concepts over time. That's why it's always so hard for organizations sometimes in this space to know exactly what is going to be enough, where is that bar exactly going to be placed for them?

Greg: It never will be placed exactly. That's part of the nuance of these general duties that we face, that they are always going to be based on the particular circumstance of a case. That's always going to be problematic. This is why I think it is so dangerous to link any level of risk assessment at this level of an organization to a metric, a number, a graph, or something like that. There has to be that continual level of inquiry, interest, and challenge. 

When I spoke to company officers, I talked about their obligations to bring an independent mind and challenge the information they receive about health and safety. They cannot be passive recipients of the information. That's why when you look at the history of Corporate Australia with health and safety, the fact that injury rate data still has such a prominent place, is actually quite good evidence that we're really not that interested in safety. 

If we were, and if boards were bringing the same level of acumen and inquiry that they bring to the financial reporting they receive, if they were bringing that level of acumen and inquiry to the health and safety data they receive, I cannot imagine we would still have systems of health and safety reporting that rely on injury rate data because as soon as anybody asks the question, what does that tell me about how well the hazards in my business are being managed, they'd have to realize it tells them nothing.

David: I think you're spot on. I like the way that you've conceptualized, at a very high level, having proper systems in place to manage the hazards, or proper systems to manage the hazards and an ongoing knowledge of the extent to which they are in place and effective. Even as you just finished off there, even by seeing a set of injury rates, or even many of the other things that boards often get reported to them, those fundamental questions, which is how does this information, let me know about whether we've got systems in place to manage the hazards, other than inferring that because we haven't had an incident, can I assume that the opposite is true that we've got systems in place? Well, no, I can't do that. The second is what independent inquiry have I undertaken as an individual to satisfy myself that they're in place in effectively working? That opens up a whole set of activities and lines of inquiry that may not be that common.

Greg: You're right. One of the things we do need to be a little bit careful of and is being overplayed, particularly for larger organizations, okay, and we do have an inherent limitation here, David, in that all of the prosecution's of company offices in Australia, apart from one rose many years ago, which naturally paid much attention to have involved the prosecution of small business owners many very closely related to the day-to-day work, and in many cases, literally, holding the ladder or hands-on doing the work. 

The context of due diligence there or consent, connivance, or neglect is very obvious because they are face-to-face with the hazards that are being ignored. We really don't have a good working concept yet of what somebody removed from the day-to-day operations might look like. 

There's a Canadian decision called [...], which involves due diligence in the context of an environmental incident that looks at three levels of management, from a CEO down to a general manager, through to an operations manager, and analyzes due diligence there. It's a bit superficial. It's about 1984, maybe a bit later, 1984–1985, so it's quite old, and would probably be looked at differently through the modern health and safety lens in Australia, but it does provide a bit of guidance. 

It certainly anticipates some level of site inspection from time to time. It anticipates that site inspection would be independent. You wouldn't be led around and get to see what they want you to see, that you'd exercise some level of independence. It certainly anticipates giving directions about safety. It certainly anticipates ensuring that safety initiatives are followed up, and that when things are being asked to be done, they're followed up and closed out. There's some pointers we can look at there.

David: It was interesting, Greg. The way you're describing is (I think) those senior levels, which are the activities that those individuals who have that due diligence obligation would undertake. When we did episode 74, most of the information that was being discussed in that episode was what information might be provided to those officers and directors, not necessarily what activities they might undertake and what information they might seek out. I think there's a different direction of that information.

Greg: I'll come to that; I'm happy to talk about it. You might be surprised that I do have some views. When we talk about that issue of site inspections, in particular, I think we have to be very cautious. They are oversold as an exercise in due diligence for safety. I think that they're important. I understand why you want executive management on site. I get that.

If you stop and think about the limitations, there are three critical ones. The first limitation is you assume that if I'm out there looking at something, I know what I'm looking at. Fundamentally, many times you don't. I can address that out and go with a subject matter expert, and they can explain what I'm looking at. That's fine. 

The second thing, and this is probably more concerning, is any assumption that when a member of the board rolls up to have a look at work, they're looking at the way work is normally performed. If you think that's happening, let's be fair. In some places, it might but most of the time, most organizations get pretty polished up before the board shows up. 

Thirdly, if you've got all of those things, you know what you're looking at and what you're looking at actually represents the way work is performed, you are seeing a tiny snapshot of the organization. In terms of providing any meaningful insight into health and safety, it's a tiny snapshot. It's useful from a personal liability perspective, tick, I've gone, I've looked, I've made some inquiries, I've followed up, I'm doing something, but it doesn't really give you the level of assurance you want. The next logical issue is okay, well, how do we start framing this up?

David: Just when you talked about those three limitations of site inspections as individual discrete activities that directors can do, because I could have visioned, if you were looking for a checklist, it might be doing inspection once a month then tick, okay, I've gone and I've sought to understand and know the risks in the business. I think those limitations have tiny snapshots. The tangent that I was thinking of in Australia, we somewhat recently had a banking royal commission, which actually looked into (I suppose) the role. Again, in my layman's understanding of it, I looked in some ways as to why a board can't be involved in every single banking transaction that occurs.

What's the board's responsibility in setting the conditions, or if you like, the culture of the organization that informs the way that decisions get made, and what are the priorities? You're not really necessarily about pointing time activities. Then you're trying to ask boards to set tone direction culture for an organization. That was the tangent I was going to go down if it wasn't for these discrete activities. Is it more these broader expectations?

I think it is, David. Again, it is a little bit conditional. If you're a large organization, lots of operations, you're so far removed from the day-to-day transactional business that you're never going to get a meaningful insight around that. If you're a small family business, then due diligence expectation is much more about knowledge of the specific hazards associated with the specific work because they're probably just outside your window on a day-to-day basis. Which is why small business owners are prosecuted, not chief executive officers of mining companies because they have a physical location connection, whatever it is with the actual hazard. 

Health and safety is still very simplistic in that sense the closer you are to the physical hazard. The bloke holding the spanner–type of mentality still dominates practical day-to-day safety in Australia. I take my lead in this from the Pike River Royal Commission, the underground coal mine explosion in New Zealand that killed 29 people. The Royal Commission—they're talking about the role of the board—said, the board received information about time loss to accidents, which isn't much in assessing the risks associated with a high hazard industry, which we've known for decades. But then went on to say the board appears to have received no information proving the effectiveness of crucial systems. 

Once you get to a certain size, in terms of a board and an organization, the conversation at board level is first and foremost, what are we (as a board) from a health and safety perspective concerned about, or what should we be concerned about? You can take guidance from external advisors, you can take guidance from your health and safety team or whatever it is. To adopt the language from Pike River, what are our crucial systems? They may be hazards, it might be as simple as working at heights, release of hydrocarbons, or underground rock fall, so specific hazards. 

But I think, particularly as you get larger, the conversation needs to turn more to systemic issues. What is the quality of our supervision? Critical control in most organizations? What is the capacity of our people to identify and understand the risks associated with their work? Do our systems of training and competence work effectively and deliver the results that we need? Those high level systems type issues. 

If you adopt that systemic way of thinking, that way, when you do get an incident that makes its way to executive leadership or the board, you can look at it through the lens of those overarching systems. Thanks very much for this incident report. We understand we're going to replace these widgets. What does this incident tell us about the quality of supervision in our business? Is this incident reflective, or one off departure from otherwise effective systems, or is it telling us something more systemic about the failures in our business? 

In that context, I think the role of health and safety reporting is to inform the board about their concerns. Monthly or quarterly, whatever the reporting is a monthly report, during the last month, these are the activities that we've undertaken as an organization to inquire into the things that the board is concerned about. Based on those inquiries, this is what we've found. 

It's a narrative, it's an explanation. It's not a number, it's not a graph, it's not, we have done 34 safety conversations, and that means the traffic light's green. This month, we've gone out, we've spoken to supervisors, we've observed supervisor behavior, this is what we have looked for, this is what we have observed, and based on that, we are comfortable with the quality of supervision across our projects. Something like that. 

The proactivity from the board is from time to time saying, there has been an incident in an industry similar to ours. We've heard about it, we're concerned about that, can you please go and get some reports down or do a review and come back to us next month and tell us that we're comfortable that our systems to manage that hazard are in place or effective? That kind of reporting and understanding.

David: So they’re two-way, if I understand that, Greg. I suppose that geologists being continual dialog might not be right, but I suppose the expectation of the directors and officers might be that the people inside the organization bring them the things that they're concerned about. Therefore, the senior people should also be concerned about it, and vice-versa that the senior people directors have to pay attention to what's going on in the broader context of the organization, adjacent industries and other things they’re bringing to the organization, the things that concern them if they were to be true in their organization as well. 

Greg: And there should be an ongoing conversation about whether the things the board is concerned about are the things the board still should be concerned about or whether that changes over time. You have to ask yourself the question, if you have a board concerned with injury rate data, then no doubt, that influences the way that injury rate data gets reported. If you had a board that was asking meaningful, informed questions about risk assessment, training, competence, and supervision, that might inform the way that those things are delivered in the organization.

David: I'm sure that it would. Also around critical systems, around specific hazards, it's easy in hindsight to look at incidents, whether it's Pike River around ground stability and coal mine collapse, or whether what we're seeing in Queensland with methane emissions in underground coal mines, or what we saw in (say) Samarco with tailings dam, wall stability, design, and things like that. I think there's also this tangible, ongoing dialogue that needs to happen around those major accident-type of event risks, depending on your industry, and just a constant dialogue around the discussion, checking, and assurance of those critical systems.

Greg: I'll give an example. November last year, we had a collapse over here at Curtin University. It was quite notorious. I think one worker died, with a number of injuries. To me, that's a classic example of where, if I'm a construction company, and I hear about that, and I asked the question to several people in construction and related industries and said, this has happened, what have you done about it? Several of them said, oh, we're waiting until the matters have all been investigated and reported, so we can learn what the technical cause of the failure was.

That's going to be three years down the track. That's why our judicial system works. You're not going to get anything before then. Straight away, I thought, Jesus, good luck. More importantly, it's not the way of thinking. The way of thinking ought to be, this catastrophic event has occurred. Sophisticated organizations would have had detailed systems in place to prevent precisely this thing from occurring. Health and safety team, via the chief executive officer (CEO), health and safety manager, please give that a go, look at our processes for doing this, and give us some comfort that our systems are robust enough, or whatever the case may be.

David: If you know, that's your way of looking at it. I've always been a bit publicly vocal about things like no disrespect to the profession, Greg, because things like legal professional privilege and not sharing of information, not talking to each other, and we don't need to do that now. This idea of okay, these people were scaffolders and it was a scaffolding incident, so if you're a company that does scaffolding, go pressure test your own systems. You don't need to know the failure mode before you go and pressure test.

Greg: That's right. The system of regulation of health and safety in Australia, and getting worse on the back of things like empty sheds, is wholly geared against the idea of learning. We don't regulate safety in this country with an eye to learning. I think that's an enormous problem for us.

David: The pivot, if we move into some practical tips, Greg, because the great thing I love about talking with yourself is your time as a lawyer and your time as a safety adviser, and the way that you communicate through your books as well is, you want to see things change inside organizations. The way that we've responded to this increase, even if it's an irrational fear of prosecution or something like that in some large organizations or for some people, we've responded with all of this paper and all of these systems in processes and forms. 

Maybe we can start talking practically about what's a different way to respond to this growing. The theory that I've got is, as the legislation keeps getting tighter and tighter because we're not learning and improving, then we just keep doing more paper and more systems and don't actually change anything.

Greg: I'm not a throw-the-baby-out-with-the-bathwater approach to this. I do think there has to be some rationalization. I know you do a lot of work around safety clutter and I understand that work. When I say I understand it, from afar I understand. I hope to kind of have your level of insight into what you're doing. That's a concept that makes sense. There's some traps in this conversation that I'm about to have. I'm not an advocate of moving from complexity to simplicity. 

We need to be careful of that because a lot of what we do in safety is not simple. By making it simple, we are actually hiding a lot of risk. The move we need to make—this is what I talked about in the book—was this move from bureaucracy to clarity. We need to put a lot more clarity around our expectations, a lot more clarity around our process, a lot more clarity around what matters. To me, the way I stress-test this with organizations is by looking around checklists or take any checklist, something like a pre-start checklist on a vehicle.

You have to ask the question, how much time, effort, and energy is the organization actually going to put in to make sure this checklist is completed in a way that meets the expectation of the organization? I complete it. Everyone completes one of those every day. We're filling them out in the pads, whatever we're doing. How many times in that enormous process do we come along since we check the checklist, work with the people who have done the checklist to go through it, make sure everything they've done is correct, and really stress test it? Because it's an important part of our process. 

If we're not doing that, why do we bother? If we're not going to put in the time and effort to make sure the process is meeting our expectations, then we should probably stop doing the process. Once you realize which part of your process actually warrants the time and effort to make sure it's being done properly, as opposed to being done, but it's being done properly in moving expectation, then I think that helps to isolate how much process you actually need.

David: That's a great story with clutter. At least I know that the conversation Drew and I had with our fear is that people think that what we're advocating with decluttering is just throwing a lot of stuff in the bin and what we're not. We're actually advocating knowing how effective what you've got actually is, or how useful what you’ve got actually is. If it's not useful, then it's potentially clutter, but some organizations are just going in. Fast forward, I think Drew and I are going to talk about the safety clutter on episode 80. The idea is that actually knowing what each process contributes to the safety of work. 

I love the way you use clarity there, because there's a whole lot of ways to manage the fit for purposeness of a vehicle, that procurement strategy around the vehicles, the maintenance strategy around the vehicles, and the individual inspection. You make us feel good with all of that admin going on, but if we pick the 20% or 30% of things that we think are going to make a big difference, redistribute that 100% of effort, and put three times as much effort into the 30% most important things, we probably would shift the dial on management of risk.

Greg: I talked with people I worked on. I like to use the phrase that safety is an intellectual exercise, not a checklist. Let's be fair. Safety is not the only profession/industry/function that suffers from this. If you think back to human resources and performance reviews, performance reviews have probably got a sound psychological functional basis, but for many people they become this perfunctory checklist process that we have to do. Intellectual capital is not applied. 

You see that in all sorts of business functions, safety is not on its own here. The real challenge is how do we shift safety back into a meaningful conversation, an intellectual exercise, or something like that. This is the role. If we get it right, if we stop promoting due diligence under WHS legislation as a checklist of six or seven subsections and say to people, those subsections are part of a broader whole. The broader whole is, how do you (as an officer of this organization) understand that you've got proper systems to manage the hazards in the business and understand the extent to which those systems are implemented and are effective to manage your hazards? 

If we can frame it up like that and have every company officer walking into every board meeting or every safety meeting, or every engagement with the organization with those two questions front of mind, I think that becomes a really important shift in the conversation we're trying to have. My fear is that the response is to simply look for a different metric. The metric, in my experience, is the conversation killer. We need the conversation more than we need the metric.

David : That's great. Great advice for directors. I wouldn't mind picking your brain as well, just on practical advice for safety professionals, because they might only see their board of directors once a month, once every three months, or something like that. You've been a safety professional in those roles. What would you be taking into that conversation? Even if you've got a board that's expecting to see injury rate metrics every time that you see them, how would you maybe be trying to help them and maybe help the organization by reshaping that conversation? Do you have any thoughts and advice for that?

Greg: Hand on heart, I have abjectly failed to shift that thinking when I've been in that role, which is part of my frustration with the role. To be fair to the organizations that I've been engaged with, that's largely because the pressure for the types of safety information we've been critical of in this presentation is not internal, it’s external. It's imposed on them by the stakeholders. If I did this wrong, slap me down, but I think it's right that I do have demonstrated safety. I think that you speak of that. We've got to demonstrate this for external stakeholders. And that's a problem. 

I've talked to individual managers at different levels of organizations who cannot influence the structure of the safety management system or cannot influence reporting metrics. I say to them, well, you still have those personal obligations, you need a structure to manage those. These are the two questions you need to keep in front of mind. In my area of responsibility, do we have proper systems? How do I know that those systems are implemented and effective? 

I would say the safety professionals in the same way. Fundamentally, the role of the safety professional in an organization is to help the organization achieve safety outcomes. That is fundamentally supported by the idea of proper systems and adequate assurance. Health and safety people also need to try to reframe their mindset to ask those questions on a more regular basis. 

Even at its most basic level, David, think about a term of reference in an incident investigation, where the incident investigator has to make a finding about whether there are proper systems to manage the hazard that was revealed by the accident and prior to the accident, what evidence was there that we had assurance about how well those systems were implemented? Even if we just dig that, we shifted that thinking in our incident investigations. That will probably help us to reveal a bit more of what we're getting in our organizations at the moment. 

David: That's fantastic advice around what you could do even if it was a process like an incident investigation. I also took out of that, how aligned the role of a safety professional is with the role of a director in an organization in terms of the way they should be framing, the outcomes they're trying to achieve with the organization, firstly. Secondly, the questions and how they should be framing that in their mind. 

Even how you said earlier on in the conversation about bringing an independent mind to the conversation. We talked about the independence of the cognitive, the social, the political independence of the safety profession as it's listening to what management is saying and what the workers are saying and what it's doing. I'm very much on the same team, which means, obviously not on a different team for the rest of the organization as well. Is there anything else you'd like to share and throw out there around this idea of due diligence? 

Greg: Just to say that the people in the operational world, the CEOs, and [...], are very much the eyes and ears of the board. The board has to exercise due diligence. There are independent things they can do, but they rely very much on the risk of the organization being the eyes and ears and bringing the information back for them to critically challenge. The health and safety profession in an organization very much fulfills that role. Over and above that, they feel they provide or should be providing the expertise to really give effect to that eyes and ears role. 

Ultimately, the board has got to define what they are concerned about because that governs what the organization is going to pay attention to. As we've touched on, if it's the injury rate number, then the eyes and ears of the organization will be listening and looking for that. If it's proper systems and adequate supervision, then perhaps the eyes and ears, look and listen for something else. 

David: Thanks. Great summary, Greg. Today, we ask the question, what is due diligence? I'm happy with that answer. Greg, do you want another go at the elevator pitch answer to what is due diligence.

Greg: The elevator pitch answer for me for what is due diligence is whether the individual is exercising and understand if there are proper systems to manage the hazards in the business, and the extent to which they know whether those systems are implemented and effective. 

David: Perfect. Thanks so much, Greg. Thanks for reaching out the other week and offering your support around these ideas. We haven't gone to research about Paper Safe and three decades of experience with OSS law is more than enough expertise and credibility for me. I learned a lot in this conversation. It's actually going to help me with something I'm about to do next week. Thank you.

Greg: Goodluck with it.

David: Thanks so much for your time, Greg. That's it for this week. We hope you find this episode thought-provoking and ultimately useful in shaping the safety of work in your own organization. Send any comments, questions, or ideas for future episodes to us at