Managing Work Health and Safety Risks

When we think of safety during National Safe Work Month, we think of the new and innovative systems we should focus on to show we are committed to work health and safety. But instead, National Safe Work Month is the perfect time to go back to the basics and undertake one of the often-forgotten risk management steps – that of audit and review – and remember the focus of all the safety efforts.

But what is the focus – and what is audit and review?

Sometimes, focusing on the latest and greatest may not yield the best safety dividends. However, going back to basics – considering the nub of the safety obligation and whether your business meets the statutory minimum requirements – can yield the greatest safety return.

Step 1: The focus

The first step in a timely safe month audit and review is reminding the business of the goal or the purpose of its safety management systems. This purpose or goal arises from the work health and safety obligations imposed on the businesses as a PCBU.

Ensuring work health and safety is achieved when a business ensures, so far as is reasonably practicable, that risks to work health and safety are eliminated. If elimination is not reasonably practicable, then the work health and safety obligation is met when risks are minimised so far as is reasonably practicable.

The focus of any work health and safety is the elimination or the minimisation of risk. The focus is not having the latest innovation and automated systems. The focus is risk management.

So, do we manage risk? Do we manage risk as required by the statutory obligations? Do we know what risk management entails?

Step 2: Managing risk

This National Safe Work Month, undertaking a review and audit of how your business manages risk and whether it does so as statutorily required may yield very real benefits.

Regulation 36 of the Work Health and Safety Regulation 2011 sets out a hierarchy of control measures to eliminate or minimise risk. A duty holder is statutorily obliged to implement risk control measures in accordance with this hierarchy in order to meet its statutory risk management obligations. The hierarchy requires a business to first consider and implement risk controls that:

  1. substitute the hazard giving rise to the risk with something that gives rise to a lesser risk;
  2. isolating the hazard from the person who may be exposed to it; and
  3. use engineering controls.

Regulation 36 goes on to provide that after implementing the controls set out above, if there is any risk remaining, then the business should minimise that remaining risk by implementing administrative controls such as training or hazard signs.

Finally, after any administrative controls are implemented, if a risk remains, the business should use suitable personal protective equipment.

This approach is often different to how a business operates in practice. While the statutory obligation presupposes that a business will not proceed to administrative or PPE controls until it has considered and implemented the higher-level controls (substituting, isolating or engineering controls), in practice, businesses often immediately proceed to training, signage and issuing PPE and assume the job is done.

While there is nothing wrong with the balance of controls that incorporates training, signage, or PPE, a business should not use administrative and PPE controls until the higher controls are considered.

This has been illustrated in a recent decision in the South Australian Employment Court. In Campbell v Dial A Tow Australia Pty Ltd [2022] SAET 124, the employer’s culpability for breaching its safety obligations was considered greater because the business implemented administrative controls while ignoring engineering controls.

In this case, a young worker was working with a modified-designed tow truck. The tilt tray could be retracted towards the truck’s headboard (this being a crush zone) by remote control. Toolboxes had been fixed on either side of the headboard facing the tray. The toolboxes contained tools and other objects that the tow truck operators would usually utilise. Hence, there was a heightened risk that a worker might be working in and near the crush zone.

The PCBU undertook a hazard and risk identification process and noted the risk of crushing. The PCBU implemented a risk control measure being an instruction to be clear of the danger zone when the tilt tray was being retracted. By implementing this administrative control, the risk of injury was assessed as low. Workers were trained in administrative control.

Sadly, the young worker entered the crush zone (behind the operator, who was retracting the tilt tray by remote control, and therefore, out of the operator’s sight). The worker was fatally injured when crushed between the leading edge of the tray and the headboard.

In its sentencing decision, the court noted that adopting engineering methods – such as sensors that would have prevented the tray from being moved remotely when it neared the headboard, could have minimised or even eliminated the crush injury risk.

The employer’s breach was exacerbated because it relied upon administrative controls while failing to consider or implement engineering controls. In relying on the administrative control, the business was unable to establish that it minimised risks so far as reasonably practicable. It therefore failed to ensure safety and health.

When your business considers risk control measures, does it immediately consider training, warning signage, or issuing PPE – but fail to examine any higher level – engineering – controls that would better eliminate or minimise risk?

This National Safe Work Month is the time for businesses to review and audit whether risk controls focus and rely heavily on administrative and PPE controls rather than adopting and implementing engineering controls. Can your business demonstrate that it has considered substitution, isolation or engineering controls before implementing administrative and PPE controls?

If your business cannot, then it may be very difficult for your business to satisfy a Court that it has eliminated or minimised risks so far as is reasonably practicable.

This National Safe Work Month is the time for your business to review and audit whether:

  1. workers understand risk management processes and controls and, in particular, the hierarchy of controls;
  2. executive officers understand risk management processes and the hierarchy of controls (how can executive officers exercise due diligence if they do not understand the principles of risk management and the hierarchy of controls); and
  3. the risk management controls for your highest risk operations have sufficient focus on engineering-type controls, rather than relying on administrative and PPE controls.

Contact us if your business is unsure about what is required to manage work health and safety risks. Understanding the statutory process for risk management will yield a greater work health and safety compliance performance.


For further information regarding the above, please contact the author or any member of our Employment, Workplace Relations & Safety team.


This information and the contents of this publication, current as at the date of publication, is general in nature to offer assistance to Cornwalls’ clients, prospective clients and stakeholders, and is for reference purposes only. It does not constitute legal or financial advice. If you are concerned about any topic covered, we recommend that you seek your own specific legal and financial advice before taking any action.