Critical risk governance and management
What boards and H&S leads need to know
Critical risk has always mattered. What's changing is the standard being applied to it in New Zealand.
The conviction of former Port of Auckland CEO Tony Gibson in November 2024 – the first of its kind against a chief executive of a large, complex organisation – made clear that officer liability for critical risk failures is no longer theoretical.
The Health and Safety at Work Amendment Bill 2026 – anticipated to pass through Parliament before September 2026 – is expected to make this requirement even more explicit.
For boards and executives, the question has shifted from “do we have systems in place?” to “can we demonstrate that those systems are actually working?” For H&S managers and risk leads, that shift changes what good looks like – not just in what you manage, but in what you surface upward and how you frame it.
This series covers the governance and management landscape in full: the legal context, the gap between documentation and verification, the blind spots in contractor supply chains, and the practical tools H&S leads need to brief boards more effectively.
What the Port of Auckland conviction means for every board with critical risk obligations
Tony Gibson wasn’t convicted because Port of Auckland lacked safety systems. He was convicted because nobody had verified those systems were working. This post unpacks what the case established – and what it means for every board with critical risk obligations.
Critical risk is no longer just implied. Here's what the Health and Safety at Work Amendment Bill means in practice.
The Health and Safety at Work Amendment Bill doesn’t create new obligations for boards and officers – it makes existing ones impossible to misread. This post explains what’s changing, what the timeline looks like, and the questions H&S leads should be raising now.
Your quarterly H&S report isn't telling your board what they think it is
A quarterly report is a snapshot – assembled after the fact, filtered through what people chose to report, describing work as imagined rather than work as done. This post makes the case for a different kind of visibility, and gives H&S leads the questions to raise it with their boards.
Your controls stop at your boundary. Your liability doesn't.
For organisations in high-risk industries, the greatest exposure is often in the contractor supply chain – where controls are hardest to see and easiest to assume are working. This post explains where the duty of care actually sits, and what genuine supply chain visibility requires.
Documented isn't the same as working. Here's the difference that matters.
Documenting a critical risk control and verifying it’s functioning are two different things. Most organisations have the former. The current legal environment is asking for the latter. This post defines the distinction and makes it concrete.
How to brief your board on critical risk – and why most H&S presentations miss the mark
There’s a difference between reporting and briefing. Reporting tells the board what happened. Briefing shapes how the board thinks. This practical guide gives H&S leads a framework for presenting critical risk governance in a way that changes the questions boards ask – and the standard they hold the organisation to.