ENGINEERING DUE DILIGENCE – EARTHING SYSTEMS
Gaye E Francis BE MIEAust
Richard M Robinson BE BA FIEAust MSFPE
Directors R2A Melbourne
Boards, government ministers and CEOs need to ensure that the precautions put in place to
manage threatening, critical issues, such as serious earthing hazards, are effective and
appropriate. The reasoning to achieve this outcome should be transparently documented in a
way acceptable to shareholders, taxpayers, regulators and the courts, if required. This was
never easy in a complex, technological society like Australia. But in a global recession errors
in technological judgement can easily be fatally amplified. In order to address such concerns,
engineering due diligence is required.
The approach to engineering due diligence described in this paper is based on the very sensible
ethical position of the common law, namely, that all reasonable practical precautions are in
place based on the balance of the significance of the risk vs the effort required to achieve it.
This precautionary approach is in strong contrast to the technical risk target approach of recent
years often used to ‘manage’ major hazards. R2A is unaware of the technical risk target
approach surviving legal scrutiny post-event (unless the risk target approach is called up by
statute or regulation).
1.0 RISK (UNCERTAINTY)
Risk means different things to different people at different times. However, one element that is
common to all concepts of risk is the notion of uncertainty. If we knew what would happen
next, there would be no risk. That is, for the omniscient or omnipotent the concept of risk
would be incomprehensible. But in the world of finite beings, all face uncertain, possibly
precarious futures. Risk, and what to do about it, are vital human concerns. Decision-making
processes, whether of statutory regulators, court judges, business managers or ordinary
individuals, reflect human concern to improve safety, security, and the reliability, efficacy and
profitability of their endeavours in the face of ever-present uncertainty.
Risk is generally divided into two broad types: pure risk or downside risk and speculative risk
or upside risk.
Business Safety Project
If the likely consequences of a risk are considered to be always bad, offering no prospect of
gain, it is designated downside or pure risk. The possible events or situations that pure risk
poses are treated as hazards or vulnerabilities. If the possible consequence of a risk is
considered potentially desirable, that risk is designated as upside or speculative risk, and is
treated as a value added. Business, market, military, clinical and political risk is usually a
combination of both upside and downside risk. Safety and insurance risk is generally only
downside risk. Project risk is interesting in this context as it is typically a downside risk
assessment from an assumed upside risk position, sometimes with some market risk elements
around the upside position. This is shown in the figure above. This seminar is concerned with
earthing safety risk.
2.0 LEGAL CONTEXT (THE COURTS ARE ALWAYS RIGHT)
2.1 The Adversarial Common Law Process
There are several points about the adversarial system that need to be remembered. It is first and
foremost a court of law. As the Institution of Engineers, Australia notes in the brochure Are
You at Risk (1990):
Adversarial courts are not about the dispensing justice, they are about winning actions.
In this context, the advocates are not concerned with presenting the court with all the
information that might be relevant to the case. Quite the reverse, each seeks to exclude
information considered to be unhelpful to their side's position. The idea is that the truth lies
somewhere between the competing positions of the advocates.
Further, courts do not deal in facts, they deal in opinions. Again from Are You at Risk:
What is a fact? Is it what actually happened between Sensible and Smart? Most emphatically
not. At best, it is only what the trial court - the trial judge or jury - thinks happened. What the
trial court thinks happened may, however, be hopelessly incorrect. But that does not matter -
That is, in court, the laws of man take precedence over the laws of nature. In the adversarial
system innocence must be assumed or there is no case to try. If the defendant pleads guilty, for
example, the case stops immediately other than for the determination of the penalty. In the
inquisitorial system, guilt must be assumed and the inquisitor tests for innocence. This is
necessary as if the inquisitor presumed everyone to be innocent, into whom would s/he inquire?
The inquisitor cannot talk to everyone so only those deemed to be potentially guilty are
2.2 Due Diligence
The primary defence against negligence claims is due diligence. This really means that a
reasonable person (in the eyes of the court and with the advantage of 20:20 hindsight) in the
same position would have undertaken certain procedures and processes to ensure whatever it is
that did happen, on the balance of probabilities, shouldn't have occurred. This is probably best
represented by the diagram below, adapted from Sappideen and Stillman (1995).
Engineering Due Diligence – Earthing Systems Page 2 of 9
How would a reasonable defendant respond to the foreseeable risk?
This balance is always what the authors’ have understood to be the case law meaning of
‘reasonably practicable’. The overall situation is perhaps best summarised by Chief Justice Sir
Harry Gibbs of the High Court of Australia (1982):
Where it is possible to guard against a foreseeable risk, which, though perhaps not
great, nevertheless cannot be called remote or fanciful, by adopting a means, which
involves little difficulty or expense, the failure to adopt such means will in general be
This precautionary approach is in strong contrast to the popular technical risk target approach
of recent years which is suggested in, amongst other standards, the SIL standard IEC (AS)
61508. The authors are unaware of the technical risk target approach surviving post-event legal
scrutiny in Australia (unless the risk target approach was called up by statute or regulation).
Precautions vs Risk Targets
In support of common law due diligence, the Australian, State, Territory and New Zealand
Workplace Relations Ministers’ Council (WRMC), on 18 May 2009, agreed to a framework for
uniform OHS laws. Amongst many matters the WRMC rejected a formal definition of ‘due
diligence’ in favour of the case law definition. It also determined that the concept of
‘reasonably practicable’ is preferred as the descriptor for the need-for-precautionary-action
Engineering Due Diligence – Earthing Systems Page 3 of 9
2.3 Threat and Criticality before Hazard and Risk
Courts and senior decision makers require a demonstration that all practicable reasonable
precautions are in place. The underlying issue is that if something untoward occurs the courts
immediately look to establish (with the advantage of 20:20 hindsight) what precaution/s that
should have been implemented weren’t. Risk is not strictly relevant since, after the event,
likelihood is not relevant. It has happened. As an Australian judge has been reported as noting
to the engineers after a serious train incident; “What do you mean you did not think it could
happen, there are 7 dead”. That is, the notion of risk is really only used to test the value of the
precaution it is claimed ought to have been in place. How risky a situation is before the event
is not germane.
This means risk control is primarily focussed at rare, high consequence events, like major
earthing faults resulting in death/s. Arguments capable of legal scrutiny need to be developed.
A framework to put together such arguments is outlined in the following section.
3.0 DUE DILIGENCE ARGUMENTS
There are multiple possible tools/techniques that could be used to create engineering due
diligence arguments. The key is to select those approaches that provide transparent and robust
arguments for the particular issue at hand. The R2A appreciation of such arguments is
documented in the R2A Text (Robinson & Francis 2008) and also in the Institution of
Engineers Safety Case Guideline available online through Engineers Australia
(http://www.eabooks.com.au). The summary table is shown below.
Decision Process >>
Expert reviews Facilitated workshops Selective interviews
1. The rule of law (Arbitration & (Royal commissions
adversarial courts) & coronial enquiries)
Yes Yes Yes
2. (Risk surveys, (Risk profiling (Especially moral
(engineering or financial)
actuarial studies) sessions) risk)
Asset based, hazard Yes Yes
3. based, 'bottom-up' (QRA, availability & (HazOps, FMECAs Difficult
approaches reliability audits) etc)
Threat based 'top- Difficult Yes
4. (SWOT &
down' approaches in isolation (Interviews)
‘Recognised good Difficult Yes
5. (Best available
practice’ approaches in isolation (Fact finding tours)
Simulation / Yes
6. (Computer Difficult
evolutionary design (Crisis simulations)
7. Risk culture concepts Difficult (Generative
Engineers Australia Safety Case Guideline
Engineering Due Diligence – Earthing Systems Page 4 of 9
As can be seen from the legal implications outlined above it is imperative that any argument
that an expert witness could formulate after an event needs to be considered prior to the event
and documented in a transparent and robust manner. As an observation hazard and risk implies
fault and liability whereas generative approaches encourage action and responsibility.
The actions of the WRMC and the expected future inclusion in the uniform OHS laws has
major implications in terms of engineering (safety) due diligence and reinforces the role of the
High Court and the common (case) law in the determination of precautionary effort in the
control of hazards in Australian jurisdictions. It appears to the authors that it confirms the
rejection of the notion of acceptable or tolerable levels of risk common in Australia and
frequently used for earthing risk due diligence arguments. This is explained further in the
4.0 DUE DILIGENCE FOR EARTHING SYSTEMS – AN EXAMPLE
The following example is presented with permission from the director of Energy Safe Victoria,
Ken Gardner. The role of Energy Safe Victoria (ESV) in regulatory terms was noted during the
process and is restated below.
* That safety is the responsibility of the proponent organisations, not the ESV.
* The ESV task is to ensure due process so that proponent organisations demonstrate due
* The ESV will prosecute but regards any related prosecutions as a measure of regulatory
The review was commissioned in response to safety concerns associated with abnormal voltage
rises on metallic water pipes. The key critically exposed group was identified to be the water
utility workers when they are carrying out work from the main to and including the customer
water meter. However it was noted that other critically exposed groups including the
household occupant could also be exposed to this hazard.
A model was developed to enable a diligent decision for appropriate precautions to be
implemented for the identified hazard.
4.2 Method – Generative interviews, workshop and threat-barrier analysis
The study incorporated a combination of generative interviews, a stakeholder workshop and
threat barrier modelling. A preliminary threat barrier diagram describing the relevant threats
and potential barriers available was generated based on information collected during the
interviews. This was then tested with the larger stakeholder group consisting of both power
and water industry representatives.
Based on this the expert workshop group recommended what it considered to be appropriate
good industry practice in Victoria.
Engineering Due Diligence – Earthing Systems Page 5 of 9
4.3 Threat-Barrier Model
The threat barrier diagram describes the threats and the ratios to which critically exposed
groups can be exposed.
The loss of control point was defined as the point at which a critically exposed person typically
a plumber or water utility worker broke the conductive pipe carrying the current and was
exposed to an abnormal voltage rise. The overall view was that 5 volts greater than a nearby
reference ground was problematic.
Eight barriers were noted for consideration to mitigate the various threats. Six acted before the
loss of control point and two after. Each barrier is briefly described with comments below.
4.4.1 System Inspection, Maintenance and Repair
This was noted as a background control which should keep the overall frequency of the
threats to a minimum.
4.4.2 Prompt Response to Customer Fault Reporting
This was also noted as a background control which should keep the overall frequency of
the threats to a minimum. The understanding is that supply quality problems and faults
may be indicators of deteriorated neutral conductors and these would be detected by the
customer most of the time.
Engineering Due Diligence – Earthing Systems Page 6 of 9
4.4.3 Install Plastic Pipe of Adequate Length at Both sides of Meter
This was considered to be the optimum solution since it practically eliminated all
threats. New customer installations were done this way. However, it was considered
impractical to upgrade all existing installations to this standard.
4.4.4 Turn Main Switch Off
This was considered to be a very effective control (99% efficiency) if it could be
implemented. However, many domestic installations have the meter box inside the
dwelling and is therefore not generally accessible by the utility workers. Commercial
and industrial installations also have access complications.
4.4.5 Supply Isolation
It was recognised that isolating the power supply from the sub-station etc would
eliminate almost all the risk. This was also considered to be impracticable.
4.4.6 Abnormal Voltage Detector
This technique was used by the former SEC and is still used by the distribution business
and electrical inspectors with success for detecting high impedance neutrals and
ineffective earths. The test requires potential differences to be measured using a high
impedance voltage meter between the conductor in question, such as a water pipe, and
an independent remote earth, (a small earth stake hammered into the ground some
distance away). This is an established good practice and could be easily implemented.
4.4.7 Bridging Conductor
The use of a bridging conductor was considered to act after the loss of control point. If
competently applied, its reliability would be better than 90%.
4.4.8 Personal Protective Equipment (PPE)
The use of PPE also acted after the loss of control point. Its effectiveness in a wet
environment was generally considered poor at around 30%. Its primary benefit
appeared to relate to the breaking of the bridging conductor when the work was
4.5 Completeness Check
At the conclusion of the workshop, the group was asked if there were any issues or other
potential precautions which had not been raised during the workshop. None were noted.
4.6 Workshop Findings
As a result of the review, the following findings emerged from the stakeholder workshop:
4.6.1 Plastic Pipes Best Protection
There was general agreement that water service connections and water street mains are
not designed as earths. The use of plastic pipe was considered most desirable and the
best overall option from a hierarchy of controls viewpoint. New and renewed services
were being replaced with plastic so in the long term this issue should abate. However,
on balance, it was impracticable from a cost and effort viewpoint to replace all existing
services with plastic water pipes in the short to medium term.
Engineering Due Diligence – Earthing Systems Page 7 of 9
4.6.2 Turn Main Switch Off and Abnormal Voltage Detection
The simplest and most reliable combination to protect all parties from abnormal
voltages was main switch isolation coupled with abnormal voltage detection both before
and after completion of the work, and in conjunction with the application of a bridging
conductor when cutting or removing a section of water pipe.
4.6.3 Bridging Conductor and PPE (Personal Protective Equipment)
The use of a bridging conductor was considered essential with metal pipe. PPE was
primarily related to the disconnection of the bridging device since if an undetected fault
existed and an insulated joint created then on disconnection a dangerous scenario would
occur. This would be detected by the subsequent voltage test but this would not protect
the utility worker.
The important point to note is that the process does not adopt any target level of risk or safety.
Rather it confirms that for credible critical events that all reasonable practicable precautions are
in place based on the balance of the significance of the risk vs the effort required to reduce it
(the common law balance).
This paper presents the idea that engineering due diligence is the development of a robust
transparent argument and implementation of consistent action for the predicted performance of
our material infrastructure.
In safety terms, this is to the common (or case) law standard based on the balance of the
significance of the risk vs the effort required to reduce it. The engineering due diligence
process described in this paper specifically rejects the target level of risk approach generally.
The recent determinations of the Workplace Relations Ministers’ Council supports this position
for the foreseeable future.
Engineering Due Diligence – Earthing Systems Page 8 of 9
Australian, State, Territory and New Zealand Workplace Relations Ministers’ Council
(WRMC) Communiqué (18 May 2009).
Duthie, Leigh, Phillipa Murphy and Angela Sevenson (March 2009). Designers must consider
draft codes and standards to safeguard against claims of negligence. Engineers Australia
Magazine. Sydney. (Pages 38-39).
Energy Safe Victoria (September 2005) Abnormal Voltage Rises on Water Pipes Workshop and
Report. R2A Pty Ltd. Melbourne.
Engineers Australia, Risk Engineering Chapter, Victoria Division (2007). Safety Case
Guideline. Published via Engineers Media, Sydney.
Gibbs, Chief Justice Sir Harry. Turner v. The State of South Australia (1982)
High Court of Australia before Gibbs CJ, Murphy, Brennan, Deane and Dawson JJ).
Institution of Engineers, Australia (1990.) Are You at Risk? Canberra.
International Electro-technical Commission (1998). IEC 61508. Functional safety of
electrical/ electronic/ programmable electronic safety-related systems.
Also known as AS 61508:1999.
Robinson, Richard M, Gaye E Francis et al 2008. Risk & Reliability - An Introductory Text
(revised 7th edition). R2A Pty Ltd. Melbourne.
Robinson, Richard M and Tim Procter (2007). Technical Due Diligence and Safety Integrity
Level (SIL) Allocation. Proceedings of the Dust Earthing Seminar 2007. Parramatta.
Sappideen, C & Stillman, RH (1995). Liability for Electrical Accidents: Risk, Negligence and
Tort. Engineers Australia Pty Ltd, Sydney.
Standards Australia AS 4801-2000. Occupational health and safety management systems –
Specification with guidance for use.
Engineering Due Diligence – Earthing Systems Page 9 of 9