Due Diligence

The apparent inability to change fatality and injury rates in any real way, combined with the increasing trend toward criminal prosecution post-incident, has led to a focus on due diligence. The problem with this focus is not the focus itself – we should all be dutifully diligent – but on how to achieve it. Here again, everything we have learned in more than a decade has shown us that traditional safety fumbles this entirely.

In a traditional safety program the problem with proving due diligence is twofold: first, the proof simply doesn’t exist, because traditional safety has an abysmal lack of provable value, almost no precision focus, and is so highly reactive it has to draw any proof of diligence from a sea of assumptions; and, second, relying on luck isn’t a sign of diligence of any kind, but rather a sign of total ignorance.

What we see increasingly is that in situations where due diligence becomes a question, usually about the time a prosecution begins, the fumbling begins to generate the proof. While not criminally driven, this is essentially a fraud, because what it entails is creating something concrete from something ephemeral. If you are dutifully diligent, you can tell me today, with fair accuracy, exactly how many of your employees are competent to do their respective job tasks, and you can show it to be true by way of a provable process and certification. This requires several conditions, the first being that such a comprehensive list exists, the second being that it is up to date (or can be shown to have been updated at some specific date), the third is that it is right (certificates match claims), and the fourth is that you can generate it reliably. Any one of those conditions failing means you are generating the proof by way of magic, or, at the very least, bending it into shape after the fact. Even assuming your end report on the matter is honest, the problem is that you cannot prove to have been diligent prior to the event that required such a proof, because you can’t prove you knew the state of your organisation before that event.

Real due diligence is about consistency, accuracy, and explicability. In a court environment the test of proof is going to demand it, and ignorance is no defence against a lack of diligent effort.

What we know is that risk-management itself isn’t any better at delivering proof of due diligence than any other method. What counts in this regard are the supporting tools, which is where the development side of our research and development efforts focused. It was apparent from the outset that data had to be capable of proving diligence, and even then it was doubly clear that the best tools would face the same two problems: data quality concerns, and data management concerns. Put in basic terms, the fact is that even with the best tools, low quality (bad) data and poorly maintained (unreliable) data kill the proof of diligence.

The difference between a risk-management model and its associated tools, and traditional safety, is that risk-management at least makes due diligence possible. By focusing efforts, and by having the tools maintain relationships once they are defined, we ensure consistency. By ensuring consistency and guiding the recording of data, we ensure accuracy (so far as is mechanically possible) as long as people follow the defined processes. And by having consistent and accurate data, and by wrapping the tools in processes that are clear and repeatable in terms of results from inputs, we can explain that data. In essence, risk-management processes and tools, combined, impart the three key gauges of proof of due diligence.

If you risk-manage your company, you use tools that make it easy, and if you execute that process wilfully your outcomes are naturally both safety, a side-effect of good operational risk-management process, and proof of due diligence – because you are being dutifully diligence in your process.

What is a depressing reality in our experience thus far is that the attitude remains, “serious accidents won’t happen to us,” and by the time that fallacy is shorn away, it is far too late to reverse engineer an enterprise to be naturally diligent.