Call Us

Ever since WA’s WHS Act came in earlier this year, we’ve been asked many times: How do I show due diligence?

This is because WA’s WHS Act has made it administratively easier to prosecute company officers. Nowadays, a company doesn’t have to be convicted of an offence to be prosecuted. There doesn’t even have to be an accident or an incident. If you are a company officer and have shown you have not met your obligations of due diligence, you can be prosecuted.

This means facing hefty fines (which you have to pay out of your own pocket) and even a prison sentence. You don’t want that. We don’t want that. So let’s unravel what you need to do.

What is due diligence in WHS?

Before we dive in, let’s make sure we understand the key terms:

  • PCBU stands for Person Conducting a Business or Undertaking. This broad term can be used to describe an employer, company, association, corporation etc. – this video will tell you more.
  • Due diligence in WHS is the duty taken to ensure the PCBU complies with the Work Health and Safety Act. As a PCBU, you must ensure you’re taking “reasonable steps” to keep your colleagues safe in the workplace. This can take the form of:
    • Obtaining industry knowledge
    • Having a clear understanding of your business activities and the risks
    • Having appropriate systems and controls including:
      • policies
      • procedures
      • documentation
    • Conducting assurance activities such as:
      • auditing
      • investigations
      • site inspections

If you’re doing your due diligence, you’re less likely to have a serious incident occur or face legal action if one does.

The video below is from our article WA WHS Act 2020 – A Guide to 6 Key Changes, and sums up due diligence in 5 minutes, so be sure to give this watch too.

Now that you get the gist of it, let’s move on from the ‘what’ and into the ‘how’.

Your due diligence obligations vary depending on the nature, size and complexity of your business. The closer you are to WHS and the decisions that happen day-to-day in the business, and the more involved you are in the assurance activities and systems, the more hands-on due diligence you may have to demonstrate.

To show positive obligations of due diligence in your workplace under WA’s WHS Act 2020, you must include all six of these requirements:


Let’s unpack each one in detail.

1. Keep up-to-date knowledge of WHS matters

By reading this article, you’re off to a ripping start on this one.

Educating yourself on WHS news, industry developments and legislation changes, are just as important as keeping up with WHS matters in your own business.

To show you’ve been staying on top of industry matters, you can sign up to newsletters from industry bodies in your state such as DMIRS/Worksafe WA and MBA WA. Just make sure you actually read them, and they don’t get buried in your inbox or land in your junk.

Attending conferences, workshops, talks and networking events on WHS will also show you’re serious about improving your WHS. You could even go one step further and become a member of a safety association or join a committee.

Speaking of committees, you must also keep up to date with WHS happenings within your business, which can take form of a WHS committee. A WHS committee is a forum where employees can discuss WHS in the business. By law, if an employee expresses they want to become a rep, you must fulfil their request. If you’d like to learn more about health and safety committees, head to SafeWork Australia.

If your company isn’t large enough for a committee, a regular meeting with your managers to discuss WHS is a great alternative.

To show you’ve been keeping on top of WHS, you also need to be auditing your business against the current requirements, and keeping records of your incidents and risks. There is a plethora of apps, software and digital tools to help you do this – check out some of our favourites here.

While we’re fans of digitising processes for data management, efficiency and sustainability reasons, if the idea of another app or software in your day will cause more problems than solutions, keep paper-based files. They’re better than no records at all, but just remember what WHS lawyer, Greg Smith, warns: “The biggest source of legal liability for most organisations when it comes to health and safety prosecution are your own documents; because you have all this paperwork that says you’re going to do all this stuff and it’s not what you do in practice. And if you don’t do it in practice, you will be convicted on the basis of your documents.”

Alternatively, our Due Diligence Package will give you a clear oversight of your WHS performance on a monthly basis.

2. Understand the hazards and risks of your business, operations and activities

Understanding your business’ hazards and risks is vital, no matter what your business does and what industry you’re in.

Do you have a good understanding of the activities that happen in your business? What about the hazards and risks associated with those activities? Do you know what your critical risks are? Or those that can cause disabilities?

If you answered yes to the above, great! But the proof is in the pudding, and this pudding can take the form of:

  • a risk assessment
  • a safety management system
  • critical control plans
  • mining hazard management plan
  • emergency management plan
  • third-party reviews
  • ISO45001 certification

All are delectable options, but we recommend indulging in a company-wide risk assessment first. If you’d like to conduct your own risk assessment, sums up the process well, or if you’d prefer our consultants to do it for you, let us know.

Finally, understanding your risks is also associated with other business decisions such as budgets and org structures. A few years ago, it was common for a company Board to analyse and argue a financial ledger, but when WHS figures were presented, there would be no questions asked. Nowadays, Boards want to see the risks associated with new products and services, mergers, divestments, and budget increases or decreases. They no longer want solely a financial risk assessment, they want a safety one too because company officers are now held to account.

Today, there needs to be more conversations around WHS, with proactive enquiries before decisions are made.

3. Ensure your business has the appropriate resources, processes and controls to eliminate or minimise risks

Now that you’ve identified your risks and hazards, do you have the right resources, processes and controls to manage them?

This is where talking to your boots on the ground is paramount. Ask your team about the work processes and procedures they complete each day. What could be improved? What do they need? Are there any gaps in knowledge, resources or equipment?

Once you’ve conducted a gap analysis, document what you need, then create an action plan.


Resources include budget, time, equipment and people. It’s important you understand the org structure and what level of support is required to adequately control and implement systems. The smaller the company, the fewer human resources you have, so you’re more likely to take on the responsibility of WHS yourself. As your business grows, you’re likely to outsource this, before eventually getting an in-house resource.


‘Processes’ include policies, procedures, and risk assessments. When you think about your processes, do your employees know the correct and safe way of performing their tasks? A quick way to find this out is by asking them how to complete risky tasks and seeing if this matches with what’s written in your safety management system.


PPE, equipment, and training are all standard safety controls. Ensure your team is stocked up and well equipped to do their job, and that you conduct an annual training needs analysis.

4. Make sure the business has the appropriate processes for receiving and actioning information about incidents, hazards and risks, and control effectiveness in a timely way

Let’s break this one down into two parts:

1. Are we receiving the right information?

Here we need to apply the who, what, when, where, how and why hierarchy.

When handling information about risks, hazards and incidents, who informs you? And who do you tell? This will depend on your role, what happened, and who is impacted. It’s imperative your team knows when to pass information onto you, and you know when to escalate it further. For example, let’s look at these two incidents:

Incident 1: Adam is opening a box and gets a cardboard cut on his finger. He needs first aid, so he informs his supervisor and heads to the medical room for treatment. He returns to work later that day.

Incident 2: Paul is de-rigging a load and the load falls. Paul tries to grab the load to prevent it from falling and cuts his finger. He needs first aid so he informs his supervisor and heads to the medical room for treatment. He also returns to work later that day.

Although both incidents resulted in cut fingers, Paul’s had the potential to lead to permanent injury or death. His incident would need to be investigated to ensure it doesn’t happen again, and the company directors would need to be informed. If this information wasn’t escalated beyond a medical report, a fatality could occur.

However, Adam’s incident had reached its maximum potential because it’s awfully unlikely the cardboard box could cause further injury or death. So a simple medical report suffices for Adam, and it’s unlikely the company directors would be notified.

 2. How are we actioning that information to control the situation?

When information is being passed up the chain, how is it being dealt with? Can we put new controls in place? Do we need to update procedures or undergo training?

This will vary case-by-case. In the scenario above, this would take the form of an incident management process, which is the why.

5. Ensure that the business is aware of, and implements, processes for complying with relevant legislation under the WHS Act

Showing you’re aware of the current legislation can be as simple as sending out communications to all staff, reading articles, uploading information to the intranet or sending articles directly to colleagues.

When it comes to implementing processes for compliance, you need to show they’re now part of your systems, meeting rhythms and regular communications. You can also update position descriptions to ensure staff adhere to certain standards.



6. Ensure you have assurance processes in place to prove you’re doing the above

Assurance processes are proactive enquiries by safety professionals and company officers that can come in the form of internal and external validation.

Internal: Ensure that what you say you’re doing can be proved and that it’s effective. Are you continually asking questions to ensure what you’re doing is working?

External: Are your processes still relevant? Are they best in class? Is there anything else we need to be looking at or take into consideration?

To sum up, make sure you can show:

  • Subscriptions to WHS industry newsletters
  • A log of your incidents
  • That you’ve conducted regular risk assessments
  • Regular independent auditing
  • Regular internal audits

As Greg Smith says, “I don’t think there’s anything here that’s not consistent with basic good management principles… the difficulty for most organisations and managers in particular, is it’s just another thing you have to do”.

So if you need a hand with your due diligence, we have created a due diligence package for this exact reason. As well as speeding things up, it digitises your WHS, to help you keep tabs on your progress and performance on the fly. If you’d like to learn more about our retainers, audits or any other WHS services, get in touch today.