The Compliance Fallacy in Health and Safety

There is a strong and prevailing fallacy in the standard approach to Health and Safety, the Compliance Fallacy. This is the mistaken belief that if a work environment could only comply with all the relevant standards and guides, there would be no prosecution risk. This is a fallacy, for two major reasons:

  • The number one determiner of a Worksafe prosecution is the severity of the injury, NOT the compliance paperwork. If you have all the paperwork in place, and someone is killed on your workplace, you will still likely be prosecuted.

  • The risk of a severe injury has low correlation to the majority of compliance activities. The “safety triangle” is a dangerous and incorrect idea, with only 15-20% of non-compliance activities being associated in any way with fatalities.

The Compliance Fallacy needs to be actively challenged, as it is redirecting resources from actually ensuring workers’ health and safety, while offering limited prosecution coverage.


Risk Based HSWA Strategy


A Risk Based strategy needs to be adopted across the country, as it can yield surprising results to both worker safety AND company margins when compared to the Compliance Fallacy. Due to the exponential nature of operational risk, magnified by the Worksafe focus on prosecuting proportional to severity, most companies should expect an increase of 2 to 4 times effectiveness from the same expenditure.

To advance a Risk Based strategy, one of the major mindset changes is to move away from looking at compliance of Plant, Substance and Structures, and move towards identifying dangerous or risky work. This is because risk is only present in an operation where People intersect with Plant, Substance and Structures in a dangerous manner. A machine in a locked room is not a critical risk, a person sitting on a beach in the weekend is not a critical risk. The primary tool of a Risk Based strategy is an operational risk assessment of these intersections.


Case Study – Risk Based vs. Compliance Based strategy


In the following case study, a company has 100 operations but has not yet completed risk assessment. The average risk profile of the company is unknown, however using the 5×5 risk matrix a sum risk profile of 450 is calculated with all operations being estimated as medium risks.

After a risk assessment has been carried out across the operations, the profile changes significantly. 20% of operations have been identified as Critical Risks, 30% as medium risks and the remaining 50% as low risks. Due to the exponential nature of risk, although only 20% of the operations were identified as Critical Risks, the sum risk profile increases to 501.

A Risk Based control strategy is now implemented, and the 10 most dangerous operations are controlled. The risk on these operations is dropped significantly, and all critical risks are now regarded as medium risks. The sum risk profile drops to 325, a drop of 54% with control expenditure on only 10/50 operations.

A compliance based strategy further reduces 50% of medium risks to low risks and sum risk profile becomes 265. However, control expenditure rises to 50/50 operations. Considering the two strategies, compliance based and risk based, it can be seen that compliance based costs are 5 times greater for minimal difference in sum risk profile reduction.


The true effect of Risk Based vs Compliance Based strategies is then further magnified if the compliance based budget savings are then re-allocated to other critical risks across the organisation. At the same unit cost, Risk Based strategy has the ability to reduce sum risk profile by 880 points, compared to 236 points for the Compliance Based strategy. In this case study, Risk Based strategy is 3.7 times more effective at ensuring worker safety AND reducing prosecution risk for the same investment.


Target controls on Critical Risk


Even a Risk Based control strategy will still result in some Standard Operating Procedures and Training Records, especially for dangerous tasks where operator knowledge and correct procedure is essential to safety and engineering control is not possible. However, it is essential to work from the top down, and target these controls on critical risk operations first.

For example, consider the difference between a Risk Based strategy and a Compliance Based strategy for Personal Protection Equipment (PPE). Although the Risk Based Strategy does occur more up-front work to risk assess and align PPE with operational requirements, the end result is considerably more targeted and will have a positive effect on administrative overhead and ongoing maintenance requirements.


Creating a winning team for execution


To achieve a successful implementation of a Risk Based HSWA strategy, you must have the correct skill-sets in your team. A cross-functional team with Human Behaviour, Operational, Risk, Regulatory and Engineering knowledge is required.

BVT can provide expertise in Human Behavior, Risk, Regulatory and Engineering knowledge, and partnered with our client’s Operational knowledge, we have a successful track record with Risk Based HSWA execution. Contact Matt Bishop, 021 661 748, to talk further.