Due diligence

The following quote reflects the perception of the due diligence defence:

“Due diligence is a defence to most OHS and Environmental offences.  Due diligence is demonstrated if a company or individual takes all reasonable steps to avoid an event.

Accordingly, when company policy clearly describes an unequivocal (obvious) and clear commitment to providing a healthy and safe workplace, and when line managers’ and supervisors’ responsibilities for health and safety are clearly spelt out in their job descriptions, and when programme implementation has been assigned and the necessary resources provided, due diligence has likely been demonstrated and guilt before the law would only be tied to those who have failed to take the reasonable steps necessary to fulfil their responsibilities.”

S R Miller

Senior Regulatory Council

Petro-Canada

The defence of due diligence has brought a new dimension to management responsibility and accountability.    

All regulations include some requirements for:

• Employee training.
• Appropriate training records.
• Regular review of key training.
• Provision of proper procedures and safeguards.
• Regular inspection and testing of plant and equipment, and
• Reasonable efforts to prevent occurrences which result in harm to personnel, the community or the environment.

These operational practices and procedures are implemented within a company to optimise efficient production while preventing unintentional harm to employees, equipment and the environment.  Due diligence means taking care.  In the workplace, that means taking all reasonable care in the circumstances to protect the health and safety of all workers.  Due diligence must be expressed in the behaviour and attitudes in the workplace and cannot be made up after-the-fact. 

Unfortunately, it has been observed in the courtroom that accused employers often “make up” a defence when presenting their side of the story to the court.

What is striking about these instances of alleging due diligence after-the-fact is that corporate witnesses (from supervisors to CEO’s) often display a profound lack of understanding of the statutory duties of the employer with respect to the circumstances of the case before the court.  The duties of employers are spelled out in the Act and include :

• Providing equipment, materials and protective devices as prescribed by the regulations.
• Seeing that this equipment is maintained in good condition.
• Seeing that the equipment, materials and protective devices provided are used as prescribed.
• Providing information, instruction and supervision to workers to protect their health and safety.
• Appointing a competent supervisor.
• Acquainting the worker with any hazards in the workplace.
• Carrying out the measures and procedures required by the Act and regulations.
• Providing assistance and co-operation to a joint health and safety committee, and
• Taking every precaution reasonable in the circumstances to protect workers.

Many witnesses called to give due diligence evidence for the employer either do not understand these duties or do not know how to ensure that they are discharged effectively.  Yet, this understanding is essential to establishing due diligence in both the workplace and the courts.  If an employer or managers don’t understand their duties under the Act, attempts at being duly diligent will be simply hit or miss and using due diligence as a defence will surely fail.  

Along with the lack of understanding of the duties imposed by the Act, employers often do a poor job of assessing potential hazards in the workplace.  The various regulations to the Act specify the risks or hazards in the workplace that should be guarded against.  In addition, the list of duties outlined above points to other potentially hazardous situations in the workplace, including incompetence of supervisors, ignorance of workplace dangers, poorly maintained equipment and inadequate instructions and supervision.   

The key to understanding the concept of due diligence is understanding the meaning of the words “duty” and “risk”.  In any prosecution under the Act, the state must show a breach of duty by the employer. 

Once that has been accomplished, the state should be able to show that the employer failed to guard against the risk.  For its part, the defence must show that despite the occurrence of contraventions of the Act, all due care was taken in the circumstances.

How does one show all due care?  One must go back to the concepts of duty and risk to demonstrate due diligence.  Just as duty and risk can be used to establish negligent conduct, so too can they be used to demonstrate that all reasonable care was taken to prevent the alleged prohibited act.  

Understanding not only how the prohibited act occurred but also why it occurred, is pivotal to the defence.  When asking the question “why did this omission occur?” one will automatically know whether the duty was breached.  The duty is tied directly to the prohibited risk.  

Take, for example, a case in which an employer is charged after a worker in an industrial establishment loses a hand in a punch press.  The state alleges that the machine the worker was using was not guarded.  What are the elements of a due diligence defence?  

The prohibited risk is operating a machine that may endanger a worker.  The duties relevant to the defence of due diligence would include :

• The provision of a guard on the machine.
• Instruction on how and when the guard was to be used.
• Supervision of the worker by a competent person.
• Steps taken to see the guard was used; and
• Acquainting the worker with the risk of using the machine without a guard.

 It is not uncommon to see a due diligence defence presented on the basis that the worker was well-experienced in the operation of the machine and was acquainted with the risk of running it without a guard.  

A long paper trail of company rules and training sessions may also be presented to the court to show that due care was taken.  

However, with just a little probing, it can be discovered that no steps were taken to reasonably verify that this experienced worker was, in fact, using the guard as required.  The company relied solely on the worker’s skill and experience with respect to the guarding of the machine and had no systems in place to see that the guarding regulations were being followed.  By showing that the company failed to carry out one relevant duty, the state can undermine the due diligence defence.

In this example, even if the worker was very experienced, it is not open to the defendant to argue that he does not have to provide information, instruction and supervision.  That is the standard duty of care expected of the employer.  What can be argued is the extent or quality of the training that was given or its relevance to the cause of the incident.

Likewise, it is still open to the state to argue that, despite the worker’s experience, the extent or quality of the training or supervision he received was inadequate.  The law does not stipulate a certain standard for training or supervision; it’s up to the employer to set these standards.

Often in a prosecution, however, employers have no standards to show the court.  They seem to prefer to argue that, because the worker was experienced, they don’t have a duty to supervise.  This argument is doomed to failure.  To successfully maintain a defence of due diligence, an employer must have performed all of his duties with respect to the specified risk set out in the charge before the court.

Perhaps the greatest misconception about due diligence is the belief among employers that being generally due diligent in the workplace, is enough to establish a defence against specific charges in the court.  That’s not the case.  The court is not interested in what was generally done to be safety conscious.

Due diligence is a defence which requires evidence that specific steps were taken to prevent the alleged contravention.

For instance, going back to the machine guarding example used earlier, due diligence could have been established by relating to the employer’s duties under the law to the guard on the machine.  If the guard was provided and maintained in good condition and the worker acquainted with the hazards, trained on the use of the machine guard and supervised, then due diligence would have been achieved.

Due diligence does not mean that accidents will not happen.  Due diligence means doing reasonable things to try and prevent harm to workers.  If an employer cannot demonstrate that he has fulfilled all of his statutory duties, then he can never establish due diligence.

Another aspect of due diligence that employers generally have difficulty with, is the idea of foreseeability.  Foreseeability simply means determining risks in advance.  With the passage of time, many dangers in the workplace have become so “foreseeable” that they have been incorporated in to the Act.  

A guard on the punch press is a good example.  Experience has shown that workers receive injuries on such machines.  Even trained workers can inadvertently place a hand in the way of the stamping die during a momentary lapse of concentration.  

Therefore, a regulation was developed that requires employers to provide equipment to try and prevent this from happening.  The regulation itself foresees the danger.  

There are many other risks which are not covered by regulations.  Instead, it’s up to the employer to foresee them and guard against them.  The employer’s actions against foreseeable risks can form the basis of a due diligence defence in court if an incident does occur.  

Unfortunately, employers tend to take the opposite tack in court, arguing that the incident before the court was not foreseeable.  

For example, employers still argue that an experienced and trained worker’s failure to use a guard on a punch press is not foreseeable.  In a way, that’s understandable.  We expect a skilled worker who understands the operation of the press to use a guard.

However, the argument does not take into consideration the fact that people may take short cuts and run risks.  These things are foreseeable and the employer is responsible for ensuring through adequate supervision and enforcement that they do not take such risks.   

In a recent case, a young worker doing piece work was injured after removing the guard from a machine to speed up his work.  

Even though the employer had provided guards and trained its workers, the court found that inadequate supervision had led to the accident.  

The employer had allowed the worker to come into the shop early and begin work unsupervised.

Due diligence in the workplace is not what is “made up” for the courtroom, it is a way of conducting business on the shop floor.  Due diligence occurs when an employer knows his statutory duties; has assessed the risks and hazards in the workplace; has carried out his duties with respect to those risks;  and has maintained standards of quality with respect to his duties in the workplace.  

An employer cannot properly carry out his duties without accurately assessing the potential risks or dangers that occur and evolve in the workplace.  An employer may have addressed all the problems associated with the guarding of his machines, for instance, but failed to assess whether they way in which he stores materials endangers workers.  

Once an accurate assessment of the risk and dangers in the workplace has been done, the employer can determine his duties.  For example:

• Is there competent supervision?
• Have the workers been trained with respect to both the operation of the machinery and the hazards that exist?
• Is there a procedure in place to monitor and enforce the training given to the workers?
• Have the protective devices required by the regulations been installed and maintained?
• If an employer can answer yes to these types of questions, then due diligence has likely been achieved.

The assessment of risks must be an ongoing process.  Due diligence is dependent on the present conditions in the workplace, not those that existed last year.  Employers must consider the impact of such things as changes to machinery, employees and procedures when determining whether he is carrying out his duties.

Advice on due diligence tends to centre on policies, practices and procedures.  There is no doubt that these are essential but without adequate follow-through, due diligence won’t be achieved.  When a huge volume of documents are entered into evidence by the defence, it is usually a sign that a lot of thought went into developing safety policies but little was done to implement them.

One case that stands out involved a large multinational company that had very effective policies and procedures to safeguard its workers.  The company had an Achilles heel.  No one had bothered to enforce the health and safety policies on the night shift.  With only one supervisor for the entire plant, workers got into the habit of taking short cuts.  It’s troubling to see in court that many companies have the safety rules in place to prevent harm to workers, but render the rules ineffective by not adequately enforcing them. 

Training is another important element in carrying out due diligence.  Often, proof that a worker attended a training session is submitted in court as evidence of due diligence.  What the employer fails to prove, however, is that the worker actually understood the training.  In an industrial context, all the prosecution needs to show is that the worker did not appreciate the dangers of the machinery being used.  

Supervisors must be able to accurately evaluate the abilities of workers to ensure that training has been absorbed. 

As a recent case demonstrates, this is critical to a due diligence defence. A worker was killed after the rigging of an elevator platform broke, causing the platform to fall to the ground. The worker who had rigged the elevator was in training to become an elevator installer.

Through expert witnesses, it was shown that the apprentice worker did not appreciate the dangers connected to the rigging of the platform. Although the worker sincerely believed he had been trained, the mistakes he had made in the rigging were more than errors in judgement. The supervisors who gave evidence in this case could not show that the apprentice had the necessary experience to be left on his own. As a result, the court found that the worker did not yet have the ability to be left in charge and ruled against the company.

Protecting the company from convictions brought about by a lack of due diligence begins with a thorough understanding of the legislated risk control requirements;  an understanding of that which must be done to meet the intent;  and the immediate implementation of initial action aimed at correction of risk control issues.

Management must be able to demonstrate that risk control has equal status with production and quality and that it is an ongoing essential part of the business.  They must also be able to demonstrate that procedures and processes are in place to limit non-compliance events.  A strategy for due diligence includes :

Plan

• A policy is established and communicated.
• A defined plan is in place.
• Roles and responsibilities have been defined.

Implement

• The plan has been communicated.
• Decision making processes are in place.
• Management is seen to support/demonstrate commitment to the plan.
• Training is provided.

Evaluate and monitor

• Performance is monitored against plan.
• Regular reporting to senior management is done.
• Systems are in place to identify and manage serious loss potential.

Retain records

• Records demonstrate efforts.
• Records demonstrate that deficiencies are identified and actions taken.

Continuously improve

• Action taken addresses immediate and basic causes.

The above steps in the strategy for due diligence is discussed on the pages that follow.

Your company must develop and communicate risk control policies.  These policies must specify the level of commitment from management to the protection of people, equipment, materials and the environment from harm.  They should also express management’s expectation of employee contribution to the successful achievement of risk control goals and objectives.

The policy should be supported by a plan which establishes the short- and long-term goals for risk control.  While compliance activities must be defined, the site’s roles and responsibilities should extend beyond compliance alone and address good management practices.

This plan should identify the protection methods used in the operation such as:

• Roles and responsibilities.
• Training programmes.
• Record keeping systems.
• Use of professional expertise to assist and advise management.
• Adequate maintenance procedures, and
• Emergency preparedness and response procedures.

Managers must take this aspect of their job function seriously, be able to demonstrate activities undertaken to support the plan and be held accountable for their actions.  The performance management process should incorporate annual assessment of these supporting activities and reward efforts to gain compliance.

The plan must be communicated to all employees.  Roles and responsibilities and the decision-making process for risk control issues must be clarified and communicated.  Managers can demonstrate their acceptance and commitment to the goals and objectives through the actions taken on a daily basis in support of the policy and the plan.  

Training required to meet employee roles and responsibilities under the plan and policy must be provided, tested and recorded.  Regular reviews of the training given should also be provided, tested and recorded.  

The enhancement of risk control awareness through training increases the importance of risk control matters, aids in internalisation of relevant goals and stimulates compliance with risk control objectives.  All activities related to due diligence efforts must be documented in appropriate files.

Evaluations should ensure that appropriate records are reviewed and verified to make certain that what is recorded is accurate.  The type of records include:

• Incident investigations.
• Task analysis and procedures.
• Task observations.
• Incident report schedules.
• Audits and others.

These records can establish the effectiveness of the implemented compliance actions against the planned performance.  Regular reports must be provided to senior management to maintain awareness of significant loss potentials and provide opportunities for more informed decision-making.   

Peers should be regularly bench-marked to determine changing standards and community expectations regarding levels of effort within the industry to further reduce workplace incidents.  

Regular evaluations, or reviews, of the monitoring processes should be performed to continuously update and improve the company’s risk control systems and compliance efforts.  Codes and regulations should be regularly reviewed to determine changing impacts upon the operation.

Documentation must be kept to demonstrate those activities undertaken to protect the safety and health of personnel.  

Records of what has been implemented, successes and failures, and efforts to correct deficiencies must be part of the record retention efforts.

The processes for following up and correcting compliance issues should be clearly defined by a work process that is being followed.  This process should demonstrate that not only immediate causes are being addressed, but basic causes as well.  

Due diligence is demonstrated through the daily risk control activities.  It cannot be demonstrated if the following type of actions represent the company’s culture: 

• One employee is required to perform a task which normally requires two to perform it in a safe and efficient manner.
• Appropriate recruitment, orientation and training practices are not in place.
• Only general rules regarding risk control requirements are provided to new employees.
• Adequate regular maintenance is not provided for all equipment whose failure could result in a major loss.
• Lack of preparation renders a company unable to minimise loss when an incident occurs.
• Advanced knowledge is available but ignored.