CEO fined 100,000 dollars for failing to verify risk controls

A CEO was convicted for failing to verify risk controls. Here's what officers need to know about applying that same duty to psychosocial hazards.

📄 Read the full case here

Key facts:

  • Gibson (CEO of Ports of Auckland) had safety systems in place, but failed to verify that they were working in practice.
  • The court found he had not taken reasonable steps to ensure risk controls were implemented and effective.
  • He was fined $100,000 and the conviction stands as an important case directly targeting an individual officer.

Implications for officers

  • It is not enough to rely on policies or assume managers are doing their job.
  • Officers must verify that systems to control risks are in place and functioning.
  • This includes ongoing review and challenge, not passive oversight.

What this means for psychosocial hazards

Unlike physical risks, psychosocial hazards (e.g. poor support, bullying, organisational justice) can’t always be observed directly. That creates challenges, yet the legal duty is the same.

Officers must ensure:

  • There are effective systems to identify, assess and control psychosocial risks, not just awareness or intentions.
  • Managers are trained and equipped to respond to issues like interpersonal conflict, high workload, or unclear role expectations.
  • Data such as complaints, staff turnover, incident lodging, and survey results is monitored and used to spot risk patterns.
  • Controls are reviewed to check if actions taken (e.g. changes to workload, mediation processes) actually reduced the risk.

We believe psychosocial hazards require a systems view. Officers are expected to take active steps to ensure these risks are being managed, even if they can’t see them directly. That means asking the right questions, reviewing the right indicators, and ensuring governance processes go beyond paperwork.

The Australian Institute of Company Directors spoke to this in its Psychosocial Risk Primer for boards. No reporting is a big governance red flag.

PDF and PPT reporting template

Skodel's risk reporting template PDF and PPT

We’re offering our psychosocial risk reporting template to help organisations meet these due diligence obligations.

It includes:

  • A risk radar to assess prevalence and impact
  • Guidance on analysing staff sentiment and comments
  • Practical summaries of suggested controls
  • A monitoring and review plan aligned to the Code of Practice

Want the template?

Fill out this form and we’ll send it through.

Example of what due diligence might look like in practice

An organisation has recurring staff feedback indicating workload pressure and unclear expectations in one division.

Here’s how an officer could meet their duty to verify that risks are being managed:

1. A structured risk report is reviewed quarterly, highlighting:

  • Elevated psychosocial risk in “role clarity” and “job demands” for one division
  • Low average scores on “I know what’s expected of me” and “My workload is manageable”

2. Officers ask for evidence of follow-up, such as:

  • Documentation showing targeted conversations or coaching with team leads
  • Implementation of agreed controls (e.g. introducing a project management tool)
  • Feedback from affected staff confirming the situation is improving

3. Controls are monitored over time:

  • A follow-up check-in shows reduced risk scores
  • Participation remains stable, indicating continued engagement
  • If there is no improvement, officers escalate for further review or system changes

By overseeing a systematic reporting process and tracking both action and outcome, officers can fulfil their obligation to verify that psychosocial risk controls are not just theoretical but are effective in practice.

We hope you found this useful and, as always, thank you so much for reading.