Officer Due Diligence: The Part Where the Boss Can't Just Point at the Safety Manager

Officer due diligence is one of the more misunderstood parts of Australian WHS law, which is impressive given safety legislation already contains enough plain English avoidance to power a small Canberra department.



At its core, due diligence means an officer must take reasonable, active and informed steps to ensure the organisation complies with its health and safety duties. It is not the same as doing every safety task personally, and it is not satisfied by hiring a safety manager, receiving a dashboard once a quarter, and nodding like the laminated risk matrix is doing God’s work.


Under the model WHS laws, which apply in every Australian jurisdiction except Victoria, officers have a specific duty under section 27 to exercise due diligence. Victoria has not adopted the model WHS laws, although its OHS framework still creates significant duties and potential personal exposure for those involved in corporate decision-making and control.


For national businesses, the practical answer is simple enough: build officer governance that would withstand scrutiny under the model WHS due diligence test, then adapt it for jurisdictional differences where required. Safe Work Australia confirms the model WHS laws have been implemented across Australia except Victoria, with each jurisdiction responsible for its own WHS laws.


What officer due diligence means...


Due diligence is the officer’s legal obligation to make sure the business has the people, systems, resources and monitoring processes needed to comply with WHS duties. Safe Work Australia describes officer duties as including suitable safe work systems and active monitoring and evaluation of WHS management. It also identifies practical expectations such as keeping WHS knowledge current, understanding the business’s hazards and risks, ensuring resources are available and used, and ensuring reporting processes for incidents, hazards and WHS issues are in place and followed.


The NSW officer duty guide puts the point more sharply. Officers influence the decisions, resources, policies, culture and accountability that determine whether WHS obligations are actually met. Section 27 exists because those people are in the position to ensure the PCBU uses appropriate resources, policies, procedures and safety practices, and if they fail to exercise due diligence, they can be held personally liable.


In practical terms, due diligence asks six operational questions.


  1. Do you know enough about WHS to ask competent questions, or are you outsourcing your brain to the nearest person wearing a hi-vis vest?

  2. Do you understand the work being performed, the hazards involved, and the actual risk profile of the operation?

  3. Have you ensured the organisation has appropriate resources and processes to eliminate or minimise risks?

  4. Are there processes for receiving, escalating and responding to information about incidents, hazards and emerging risks?

  5. Are there processes for complying with legal obligations, including consultation, training, notifiable incidents, notices, licences, plant, hazardous work and other operational requirements?

  6. Are you verifying that the resources and processes are actually being used, or are you admiring the paperwork from a safe distance?


The last point is where a lot of officers come unstuck. Verification is not passive receipt of information. It is an active governance function. If the system says pre-starts are done, training is completed, supervision is occurring, contractors are controlled, SWMS are implemented, plant is maintained and incidents are investigated, the officer needs some defensible way of knowing that those statements are true.


Who is an officer?


An officer is not every manager, supervisor or senior employee. Under the model WHS framework, the definition draws from section 9 of the Corporations Act 2001. It includes directors and company secretaries, and can also include people who make or participate in decisions affecting the whole or a substantial part of the business, people who can significantly affect the financial standing of the corporation, and people whose instructions or wishes the directors are accustomed to act on.


The NSW officer guide also notes that a manager or supervisor in one area of the business will not usually be an officer merely because they implement decisions or provide advice.


That means the title on the email signature is not the only test.


A Chief Executive Officer, Managing Director, board member, company secretary, Chief Operating Officer or Chief Financial Officer may clearly fall within the concept.


A national operations leader, divisional general manager, head of property, head of engineering, or other senior executive may also be an officer if they participate in decisions affecting a substantial part of the business or have capacity to significantly affect financial standing.


The uncomfortable bit is that WHS decisions are not limited to “safety” decisions. Decisions about budgets, labour, equipment, contractor selection, maintenance deferral, supervision ratios, delivery schedules, procurement, training, site design, production targets and organisational structure can all shape safety outcomes. That is why a person can participate in decisions that affect WHS without ever opening the WHS Act.


The regulator and the law are not overly impressed by executives who discover safety after the ambulance arrives.


What officers need to do...


Officers need to build a repeatable governance rhythm that connects boardroom decisions to work as done. That starts with current WHS knowledge. An officer does not need to be a safety professional, but they need enough knowledge to understand their duty, recognise material risk, ask useful questions, challenge weak assurance, and know when specialist advice is required.


They also need operational knowledge. This means understanding the organisation’s critical risks, not just the corporate risk register in its natural habitat, which is usually a SharePoint folder nobody visits unless an auditor is coming.


Officers should know the organisation’s high consequence activities, recent serious incidents and near misses, regulator interactions, contractor exposure, psychosocial risk profile, plant and equipment risks, hazardous manual task risks, hazardous substances, traffic management, work at heights, isolation, fatigue, remote work, emergency management, and any other risk class that is material to the actual work.


Resource allocation is the next test. Due diligence requires officers to ensure the PCBU has available for use, and uses, appropriate resources and processes to eliminate or minimise risks. That includes competent people, adequate supervision, fit-for-purpose equipment, maintenance systems, training, consultation arrangements, incident reporting, investigation capability, contractor management, emergency planning, audit and corrective action tracking. A budget that funds the brand refresh but leaves workers improvising fall protection is not a governance triumph, it is evidence with a font choice.


Officers also need reporting lines that work upward and outward. WHS reporting should include leading indicators, lagging indicators, critical risk assurance, corrective action status, overdue statutory actions, regulator notices, HSR matters, consultation outcomes, serious incident learnings, training gaps, plant and maintenance issues, contractor performance, and resourcing constraints. The report should tell officers what is improving, what is drifting, what is stuck, what has been escalated, and what decision is required.


The final piece is verification.


Officers should periodically test whether the system exists in the workplace, not just in procedure. That can include site visits, critical control checks, independent audits, deep dives into selected risks, worker consultation without management filtering, incident close-out verification, review of high-risk work planning, and assurance over contractor-controlled work.


The NSW officer guide states that due diligence includes verifying the provision and use of resources and processes, and gives inspection or auditing as examples of active verification.


Protecting workers, your own arse, and the organisation!


The worker protection part is obvious, or should be. Officers influence the conditions under which work is planned, resourced, supervised and reviewed. When officers take due diligence seriously, workers are more likely to have safe systems of work, competent supervision, suitable equipment, realistic timeframes, and a reporting culture that does not treat bad news like a personal insult.


The personal protection part is equally blunt. Officer duties can create individual exposure. Safe Work Australia states that officers can be prosecuted if they do not meet their duties, and this can occur even if an incident did not happen at the workplace or the business is not liable. The practical defence is not “I delegated safety”. The practical defence is evidence that the officer took reasonable steps, relied on competent people where appropriate, asked informed questions, made resourcing decisions, required reporting, responded to known issues, and verified implementation.


The organisational protection part is broader than fines. A serious WHS failure can damage tender credibility, insurance position, regulator confidence, customer relationships, worker trust, board confidence and public standing. It can also expose the organisation to notices, enforceable undertakings, prosecution, civil claims, operational shutdowns and talent loss. The cost of prevention is usually easier to budget than the cost of explaining to a court why a known hazard was left to good luck and a toolbox talk.


Recent prosecution example: SafeWork NSW v Matthew McCourt


A recent NSW case shows how officer due diligence can become personal very quickly. On 02 Dec 25, SafeWork NSW reported that Matthew McCourt, the sole director and company secretary of Always Energy Pty Ltd, was convicted and fined $101,250 in the District Court of NSW. The matter arose from a 01 Jun 22 incident where a worker employed by Always Energy fell about three metres from the roof of a single-storey home under construction while installing solar panels, sustaining serious injuries. SafeWork NSW stated that Mr McCourt pleaded guilty to an offence under section 32 of the Work Health and Safety Act 2011 for failing to comply with his duty as an officer under section 27(1).


The judgment records that Mr McCourt was the sole director and secretary of Always Energy and was responsible for day-to-day management and control of the business, including setting daily tasks and activities. The court also recorded that the worker accessed a roof before appropriate fall protection was in place, slipped on a slightly dewy roof surface, slid over the gutter edge and fell approximately three metres to concrete below.


The safety paperwork existed, but the weakness was in implementation and specificity. The judgment records that Always Energy had a SWMS for solar installation works, but the site-specific steps were generic and did not address the specific hazards and risks associated with the building. The judgment also records that there were insufficient safeguards to ensure adequate safe work procedures were implemented, including documented installation instructions and instructions requiring fall protection to be installed in the appropriate manner and order before roof access.


The court identified practical omissions that will sound familiar to anyone who has investigated a working at heights incident. Mr McCourt did not sufficiently require, arrange or direct that a safe work procedure was developed, implemented or enforced. The judgment also records that he could have required adequate information, instruction and training on working at heights risks and controls, ensured adequate supervision, and prohibited workers from accessing the roof where appropriate fall protection was not in place.


That is the lesson. Due diligence is not proved by having a SWMS in the ute, a training register in the office, and a general belief that the crew knows what it is doing. It is proved by the officer’s ability to show that the business had effective processes, that those processes matched the work, that workers were trained and supervised, that higher order controls were implemented where reasonably practicable, and that someone was checking the system before gravity got a vote.


What good looks like...


A defensible officer due diligence framework should include a WHS governance calendar, scheduled board or executive WHS reporting, a critical risk register, a legal obligations register, defined WHS accountabilities, resourcing decisions recorded in minutes, evidence of consultation, incident and hazard escalation pathways, audit and assurance activity, corrective action tracking, and periodic review of whether controls are working in practice.


For higher risk organisations, officers should also require critical control verification. That means identifying the controls that prevent fatalities and serious injuries, then checking whether those controls are present, effective and used. For example, in work at heights, that means verification of edge protection, scaffold, fall prevention systems, rescue planning, training, supervision and exclusion zones before work starts. A harness still in the bag is not a control, it is decorative compliance.


The best officer questions are simple and hard to dodge.


  • What are our top fatal risks?

  • What controls must never fail?

  • How do we know they are in place today?

  • What are workers telling us?

  • What is overdue?

  • What has been escalated and not fixed?

  • What work are we doing where the procedure does not match reality?

  • What resourcing decision is needed from us?

  • Who has verified this outside the reporting line responsible for delivering it?


Safety Jon's Take


Officer due diligence is not about turning executives into safety advisors. It is about making sure the people with power over money, priorities, structure and accountability cannot pretend safety is someone else’s department. The safety manager can advise, coordinate, report and challenge, but they cannot exercise the officer’s duty for them.


The officer’s job is to know enough, ask enough, resource enough, and verify enough. Workers get safer conditions when that happens. Officers get a better night’s sleep when the evidence exists.


Organisations protect their financial and reputational standing when governance reaches the floor before the regulator does.


Stay informed. Stay safe!


SJ
