What WHS officer due diligence really asks of boards
I think one of the reasons boards still struggle with work health and safety (WHS) is that officer due diligence is too often treated as a legal concept first, a management responsibility second and a governance discipline a distant third, fourth or fifth place.
That framing gets in the way.
Because for boards, section 27 isn’t just telling officers to be aware of their duties. It’s telling them that is it an active duty. It requires action. Officers must stay informed, understand the nature of the operations and the risks in them, make sure the right resources and processes are there and being used, make sure information is flowing and being acted on in time, make sure compliance processes are actually operating, and verify what the organisation is relying on.
Officer due diligence is a core governance skill, it can no longer be thought of as a side issue or an add on. What I think is often missed is that these elements work together. This is what boards who do WHS governance well understand. The six elements of due diligence build on each other.
Knowledge matters, but knowledge without a real understanding of the work doesn’t get you very far. Understanding the work matters, but if the organisation isn’t properly resourced or the right processes aren’t being used, you are still exposed. Good information flow matters, but only if the board recognises the early signals hiding within what it’s being told and responds early enough. Compliance processes matter, but not much if they look fine on paper but either don’t effectively manage the risk or even worse aren’t followed in practice. And finally, verification matters because it is the point where compliance stops being assumed and starts being tested. Verification is the piece that underpins it all.
What boards sometimes miss is that this isn’t just about directors protecting themselves, although of course that matters. If officers aren’t discharging due diligence properly, the consequences don’t stay neatly in the legal column. Workers are less safe. Early signals are more likely to be missed or minimised. Weak controls sit in the system for longer than they should. And by the time a board finally sees the issue clearly, it’s often because the organisation is already dealing with harm, disruption, regulator attention, workforce concern, media scrutiny or, in many cases, all of the above.
That’s why I think boards do themselves a disservice when they fail to see WHS as a core governance skill.
WHS isn’t a side stream or something to be dealt with after the finance paper, the strategy discussion and the risk update if there’s any time left. WHS sits inside all of those things, but the board won’t see it if they don’t understand the work well enough, don’t ask the right questions early enough, or they don’t have enough visibility to know whether the organisation is actually controlling its material risks.
Because that’s what weak WHS governance often looks like in practice. It’s not necessarily a board that never discusses safety; it’s one that believes the updates without verifying it through evidence. Most boards can point to reporting, dashboards and policies, but they can’t really show that they understood where staff were most exposed to health and safety risks, what controls mattered most, whether those controls were working in practice, or what was changing in the system around it and importantly how the organisation was navigating those changes to ensure (so far as is reasonably practicable) that they were minimising the chance of those changes harming their workers and others at their workplace.
This is the gap I keep coming back to when I work with boards and executive leadership teams.
Boards can be reported to and still be behind. And if something goes wrong, regulators aren’t just interested in whether a board received papers that included incident information or that counted the days since the last injury. Regulators what to see evidence of what the board turned its mind to, what it asked, what it wanted clarified, what follow-up it required, and how it satisfied itself that WHS duties were being complied with. In serious matters investigated by Regulators, non-executive directors may find themselves being interviewed as part of the Regulators evidence gathering activities. Yes, Regulators will review agendas, minutes and board papers. But they will also ask questions about escalation pathways, about who knew what, when and what happened after issues were raised. Regulators are looking for evidence (or lack thereof) active oversight, not polite receipt of untested information.
That is why the distinction between updates and evidence matters so much. Boards do need updates. Of course they do. But updates on their own don’t tell a board whether the controls that matter most are actually working in the real world. “Training completed”, “policy updated”, “audit done”, “no incidents reported” — those report headlines aren’t meaningless, but they also aren’t enough to demonstrate due diligence on their own. Boards need to know where their workers are most exposed to health and safety risks, what evidence supports confidence in the key controls, and what would surprise them if it was already starting to unfold.
That is also why reasonable reliance matters. Boards can rely on management, but that reliance has to be reasonable. It can’t drift into assumption or rest on large papers that say a lot but don’t actually tell the board anything useful. And it cannot stop at process existence. The real board due diligence question is whether there’s enough visibility and evidence to rely on what the board is being told.
The broader, and more positive, point here is that when boards govern WHS well, they are usually doing other things well too. They are setting clear expectations, and paying attention to patterns, making changes to reduce risk before a serious incident forces the issue. These organisations treat worker consultation as a source of intelligence, not a procedural afterthought. And crucially, the one thing organisations who govern WHS well have in common, is they design WHS into the organisation’s overall governance system, it factors into all decision making. And the result is seen in safer work, stronger culture and better operational discipline. It also puts directors in a much stronger position if the organisation does come under scrutiny.
Because once a serious incident happens, or the regulator becomes involved, the conversation changes very quickly. At that point, nobody is interested in whether the board received a dashboard, noted a report, or saw that training had been completed. The questions become much more direct. What did the board know? What did it ask? What did it want clarified? What follow-up did it require? What basis did it have for confidence that the organisation was actually complying with its WHS duties? It’s often where WHS governance stops feeling like an abstract concept.
Over many years as a WHS Inspector, I sat across from organisations who only fully understood the gaps in their WHS governance after a serious injury, a fatality or regulatory action had already forced the issue. By then, the cost is never just legal. It’s human. Workers have been harmed or worse have died. Families are living with consequences that will be with them for the rest of their lives. Organisations are dealing with grief, disruption, scrutiny and the hard reality that earlier attention might have changed the outcome.
That’s why I care so much about WHS governance.
Officer due diligence is a legal duty, yes. But if boards only understand it at that level, they are still missing what it is really asking of them. Good WHS governance requires attention, judgement, curiosity, active follow-through and verification. It requires boards to get beyond the comfort of papers and close enough to the work (without dipping into operations) to understand where risk is being created, whether controls are holding, what signals suggest something in the system may be weakening, and whether the organisation is really managing those risks in practice.
A useful board question is rarely, did we receive the report?
It is much more often, what gives us a reasonable basis for confidence here?
If this is a conversation your board needs to have, or you would like support to strengthen WHS governance in your organisation, you can reach out to me via Jaei Advisory or connect with me on LinkedIn.
Footnote: Section 27 of the NSW Work Health and Safety Act 2011, can be found here: https://legislation.nsw.gov.au/view/whole/html/inforce/current/act-2011-010#sec.27