Documente Academic
Documente Profesional
Documente Cultură
SUMMARY
The Rail Safety National Law [1] and the model Work Health and Safety Act [2] both require safety risk to be
eliminated or minimised so far as is reasonably practicable (SFAIRP). SFAIRP requires a positive
demonstration of due diligence. Most technical safety work is done in the context of ensuring technical
safety is as low as reasonably practicable (ALARP). There has been an on going attempt in many places to
equate the SFAIRP and ALARP. This paper will describe why this cannot be done and explains why
adopting the SFAIRP process is sensible and forensically defensible.
The meaning of reasonably practicable is then (b) to gain an understanding of the nature
defined (Section 47): of the railway operations of the person
and, generally, of the risks associated
… reasonably practicable, in relation to a duty to with those operations; and
ensure safety, means that which is (or was at a (c) to ensure that the person has available
particular time) reasonably able to be done in for use, and uses, appropriate
relation to ensuring safety, taking into account resources and processes to eliminate
and weighing up all relevant matters, including— or minimise risks to safety from the
(a) the likelihood of the hazard or the risk railway operations of the person; and
concerned occurring; and (d) to ensure that the person has
(b) the degree of harm that might result appropriate processes for receiving
from the hazard or the risk; and and considering information regarding
(c) what the person concerned knows, or incidents and risks and responding in a
ought reasonably to know, about— timely way to that information; and
(i) the hazard or the risk; and (e) to ensure that the person has, and
(ii) ways of eliminating or implements, processes for complying
minimising the risk; and with any duty or obligation of the
(d) the availability and suitability of ways to person under this Law; and
eliminate or minimise the risk; and (f) to verify the provision and use of the
(e) after assessing the extent of the risk resources and processes referred to in
and the available ways of eliminating or paragraphs (c) to (e).
minimising the risk—the cost
associated with available ways of The penalties for officers of persons conducting
eliminating or minimising the risk a business or undertaking are high (Section 58):
(including whether the cost is grossly
disproportionate to the risk). 58—Failure to comply with safety duty—reckless
conduct—Category 1
Section 48 then goes on to explain the (1) A person commits a Category 1 offence if—
relationship between the rail safety law and OHS (a) the person has a safety duty; and
legislation. It is absolutely clear that OHS (WHS) (b) the person, without reasonable excuse,
legislation takes precedence. For example the engages in conduct that exposes an
note to Section 48 (20): individual to whom that duty is owed to
a risk of death or serious injury or
For example, if a provision of this Law deals with illness; and
a certain matter and a provision of the (c) the person is reckless as to the risk to
occupational health and safety legislation deals an individual of death or serious injury
with the same matter and it is impossible to or illness.
comply with both provisions, a person must Maximum penalty:
comply with the occupational health and safety (a) in the case of an individual—$300 000
legislation and not with this Law. If provisions of or imprisonment for 5 years, or both;
both this Law and the occupational health and (b) in the case of a body corporate—
safety legislation deal with the same matter but it $3 000 000.
is possible to comply with both provisions, a
person must comply with both. Unlike the model WHS act, reckless conduct
(knew or made it happen) does not appear to be
The legislation, like the model WHS act spells a crime.
out the duty of officers and how this obligation to
demonstrate due diligence can be met (Section SFAIRP vs ALARP
55):
Whilst the two approaches may set out to
achieve the same outcome, that is, to
(1) If a person has a duty or obligation under
demonstrate due diligence with regards to safety,
this Law, an officer of the person must
the implication that having achieved ALARP will
exercise due diligence to ensure that the
forensically satisfy SFAIRP post event is naively
person complies with that duty or obligation.
courageous. This is simply because the
processes required to demonstrate each is
(3) In this section— due diligence includes
different, especially for high consequence, low
taking reasonable steps—
likelihood events, the ones that are the subject of
(a) to acquire and keep up-to-date
judicial scrutiny.
knowledge of rail safety matters; and
* ALARP asks what is the risk associated with attempt to legally recover the situation. Figure 2
the hazard and then can that risk be made as shows the difference between the two
low as reasonable practicable. approaches, especially for high consequence,
low likelihood events. The top loop describes the
* SFAIRP asks what are the available hazard based, risk focused analysis. If the
practicable precautions to deal with the technical risk target were achieved in reality, the
identified issue and then tests which hazards of concern would not eventuate in the
precautions are reasonable based on the analyst’s lifetime. But this is not the way of the
common law balance (of the significance of world. Sometimes bad things will happen and the
the risk vs the effort required to reduce it). courts will examine the results.
The possibility of the results of the two processes The bottom loop describes the precautionary
being identical is, in the authors’ opinion, nil. In legal process applied by the courts. This is
view of the requirements for SFAIRP under the necessarily hindsight biased. The courts simply
Rail Safety National Law (Section 46) and the do not care how often matters went well. By
model WHS act (Section 17), and others, this is definition, the courts only examine the minority of
a serious issue for engineers. things that went wrong. And, after the event, the
fact is certain. This means that, from the court’s
The ALARP process requires that hazards be viewpoint, prior-to-the-event estimates of rarity
identified, the risk (likelihood and consequence) for serious events were presumably flawed and
associated with them be determined and then that, prima facie, those who made such
compared to acceptable or tolerable risk criteria. estimates have provided beyond-reasonable
If the criteria are not satisfied then risk doubt proof of negligence. As a judge in NSW
treatments are applied until they are. Caveats to has been reported as saying to engineers after a
the approach can be applied such as avoiding major rail accident:
avoidable risk and even testing if further
precautions can be justified even if the target What do you mean you did not think it could
level has been met, but these are afterthoughts, happen? There are 7 dead.
not the primary process and presumably an
Hazard focussed
Technical
risk
targets
Future uncertainty
Decision re hazard Unwanted Event/s Judgement Time
Judicial
Scrutiny
Precaution focussed
The way the courts assess the situation is to precautions suggested by such experts (after the
consult post-event expert witnesses as to what event) were reasonable in view of what was
could have been done to have prevented the known at the time of the decision.
disaster. Being an expert with the advantage of
hindsight is a comparatively straight forward Figure 3 describes the two approaches in a
task. The only time the notion of risk is used in different way. The left hand side of the loop
court is when the court is testing to see if the describes the legal approach which results in risk
Criticality
Establish critical Hazard analysis and risk calculation
hazards process to determine the nature of risk
and the level of risk
Preventability
(inherently unrepeatable)
Identify all practicable
precautions for each critical
hazard following the hierarchy
of controls Selected risk criteria
terms of reference against which the
significance of a risk is evaluated
(inherently subjective)
Risk Management
Reasonableness of downside (negative or pure) risk
Determine which practicable Compare against criteria
precautions are reasonable process of comparing the results of risk
based on the High Court analysis with risk criteria to determine whether
established balance the risk and/or its magnitude is acceptable
(disproportionality) (may eliminate further consideration of
acceptable or tolerable risks)
Implementation
of reasonably practicable Risk mitigation and management options
precautions SFAIRP ALARP process to modify risk.
(may not follow the hierarchy of controls)
Due Diligence
The hazard based loop, shown on the right hand especially with regard to human failings and
side, attempts to demonstrate that risk is as low management systems. Quoting Mark Tweeddale
as reasonably practicable or ALARP. But there [15]:
are major difficulties with each step of this
approach as noted in blue. In the case of the process industry, most of the
major disasters in recent years have resulted
Firstly, hazard analysis and risk calculations are primarily from failures of management systems,
inherently unrepeatable. Two independent risk which would not have been included in the
experts assessing the same circumstances or quantitative assessment of risk, and not from
situation never come up with the same answer random equipment failures such as are
(unless they use deliberately identical statistically assessable using data from data
assumptions and processes in which case the banks. This is a most serious limitation...
assessment is not independent). Risk
calculations and characterisations to enable a Secondly, risk criteria are subjective. The old
comparison with risk criteria are always imperfect adage should probably be extended to; there are
lies, damned lies, statistics and then there are the authors [4]. Another more recent example is
target risk criteria. Most risk criteria are based described in the report to the Victorian cabinet by
on statistical analyses. The traditional way to the Powerline Bushfire Safety Taskforce [16]
determine them is to consider mortality and injury arising from the Victorian Royal Commission into
statistics. But they are just that, statistics. The the Black Saturday bushfires that killed 173
numbers change according to the exposed group people in 2009. This report explicitly uses the
selected. SFAIRP approach in the formulation of its
recommendations which were all accepted by
For example, the lightning strike death rate of the Victorian government.
around 1 in 10 million (for the whole population)
CONCLUSION
is often selected as the lower limit to risk scrutiny
for individual risk. However, if the mortality The Rail Safety National Law (and the model
figures for the group of people who play golf Work Health and Safety legislation) require, by
during lightning storms is considered, it will be statute, a positive demonstration of safety due
much higher. Which number ought to be used? diligence by responsible officers of railway
Further, the inconsistency in individual and businesses. This specifically rejects the ALARP
societal risk criteria between industries (dam and approach, especially using target (acceptable or
air safety for example) and states, especially tolerable) levels of risk or safety.
Victoria and NSW dating from the mid-nineties is The point of the SFAIRP approach is to
problematic. demonstrate, that provided something is not
prohibitively dangerous that it ought not to be
Thirdly, if the risk associated with a hazard is done at all, that all reasonable practicable
below acceptable or tolerable threshold, there is precautions are in place for foreseeable critical
a tendency to say that nothing further needs to hazards. Essentially, arguing over degrees of
be done, which is always problematic with low rareness for high consequence outcomes pre-
frequency, high severity events. The overall event is simply indefensible, post-event.
situation is perhaps best summarised by Chief
Justice Gibbs of the High Court of Australia [8]: This has extraordinary and perhaps unintended
consequences. These include:
Where it is possible to guard against a * Rejection of the risk management standard
foreseeable risk, which, though perhaps not (ISO 31000) approach as a competent
great, nevertheless cannot be called remote or method of demonstrating safety due
fanciful, by adopting a means, which involves diligence in Australia, at least of high
little difficulty or expense, the failure to adopt consequence, low likelihood events.
such means will in general be negligent.
* A number of well recognized technical
standards encourage the use of risk targets
That is, it does not matter how low the risk
including the SIL (Safety Integrity Level)
estimate is, if more can be done for very little
standard, IEC 61508; the high voltage
effort, then the failure to so will be negligent, in
earthing standard EG(0) and others.
the event of an incident
Exclusive use of such approaches will
probably render relevant officer practitioners
This leads to the fourth concern; that the
reckless under the new legislation in the
temptation is to implement a precaution that unlikely event of a death or injury resulting
reaches the target risk threshold without formally from subsequent designs.
considering the hierarchy of controls.
However, the precaution based SFAIRP
Engineers often argue that, if you set the law approach provides for better, legally explicable,
aside, the only way to demonstrate due diligence output focused safety outcomes.
is the ALARP approach. This is simply not a
viable proposition. The laws of man may not be
ignored. Our parliaments and courts necessarily REFERENCES
reject this. It has always been clear that the 1. South Australia. Rail Safety National Law
courts will interpret the circumstances (South Australia) Act 2012. Version:
surrounding death, injury or damage in legal 20.1.2013.
terms. This proposition is easily confirmed by
2. Model Work Health and Safety Bill. Model
consulting in-house legal counsel.
Bill 23/6/2011
An example of the SFAIRP approach applied to 3. Standards Australia & Standards New
a rockfall issue for Lapstone Cutting in NSW on Zealand, 2009. Risk Management Principles
behalf of Railcorp is described in the paper by and Guidelines AS/NZS ISO 31000:2009.
Sydney.
4. Francis G E & Robinson R M, The 12. Shipping Corporation of India Ltd v Gamlen
Implications of Common Law Due Diligence. Chemical Co. A/Asia Pty Ltd [1980] HCA 51;
CORE 2010, 14 September 2010, (1980) 147 CLR (12 December 1980)
Wellington. 13. Robinson Richard M, Gaye E Francis, Peter
5. Adapted from: Hurley et al (2013). Risk and Reliability:
th
http://www.austlii.edu.au/au/other/liac/hot_to Engineering Due Diligence (9 Edition).
pic/hottopic/2002/3/1.html viewed 5 April R2A Pty Ltd.
2013. 14. From:
6. Adapted from: http://www.safeworkaustralia.gov.au/sites/S
http://www.hcourt.gov.au/about/role-of-the- WA/about/Publications/Documents/607/Inter
high-court viewed 28 April 2013. pretive%20guideline%20-
7. Adapted from: %20reasonably%20practicable.pdf viewed
http://www.nswbar.asn.au/docs/resources/p 24 July 2013
ublications/structure.pdf viewed 5 April 15. Tweeddale M, 2003. Managing Risk and
2013. Reliability of Process Plants. Boston: Gulf
8. Turner v. The State of South Australia Professional Publishing.
(1982). High Court of Australia before Gibbs 16. From:
CJ, Murphy, Brennan, Deane and Dawson http://www.esv.vic.gov.au/Portals/0/About%
JJ. 20ESV/Files/RoyalCommission/PBST%20fi
9. Institution of Engineers, Australia (1990). nal%20report%20.pdf viewed 5 April 2013.
Are You at Risk? Canberra. See Section 3.6 Precautionary approach to
th bushfire risk reduction (page 52) and
10. Black’s Law Dictionary, 4 Edition (2009) Appendix E Threat-barrier analysis (page
11. LexisNexis Concise Australian Legal 146).
th
Dictionary, 4 Edition (2011)