Why Your Quarterly H&S Report Isn’t Enough for Boards

A quarterly H&S report is a snapshot, not visibility. Here’s the difference – and the questions your board should be asking instead of relying on periodic reporting.

Your quarterly H&S report isn’t telling your board what they think it is

Key takeaway: A quarterly H&S report describes what people chose to report, weeks after it happened. That’s a snapshot – not visibility. The Port of Auckland conviction and the incoming HSWA Amendment Bill are both asking boards to do something harder: have continuous, verified confidence in whether critical controls are actually working.

Snapshot vs visibility — the distinction that matters

A snapshot is a quarterly report: a moment in time, filtered through what people chose to surface, describing work as someone wanted it to be seen.
Visibility is something different: an ongoing, accurate picture of what’s actually happening with critical risks and whether the controls meant to manage them are working.

Most boards have the former. The current legal environment is starting to require the latter.

There’s a ritual that plays out in boardrooms across New Zealand every quarter. An H&S report lands on the table. Someone presents it. The board asks a few questions, notes that the numbers are trending in the right direction, and moves on. Everyone leaves with the feeling that governance has occurred.

It’s a reasonable assumption. It’s also, in most organisations, not quite true.

What a quarterly report actually is

A quarterly H&S report is a summary of selected information, assembled by people who are close to the work, about events that happened weeks or months ago. That’s not a criticism of the people who write them – it’s just an honest description of what the document is and isn’t.

By the time a report reaches the board, it has passed through several layers of interpretation and selection. Incidents that were judged minor may not have made the cut. Near-misses that weren’t formally reported aren’t in there at all. The controls that are described as “in place” are in place as far as anyone writing the report could tell – which may or may not reflect what’s actually happening on-site on a Tuesday morning.

The Port of Auckland case illustrated this precisely. Tony Gibson was aware, through a March 2019 Critical Risk Report, that the number of recorded incidents and near-misses at the port was likely not reflective of what was actually occurring. The reporting system was producing a picture that was tidier than reality. And because nobody had adequately verified the gap between the two, the board and its officers were making governance decisions based on a version of events that wasn’t quite accurate.

The report said one thing but the wharf said another.

The difference between a snapshot and visibility

There’s a useful distinction here between a snapshot and visibility. A quarterly report is a snapshot – a moment in time, captured through a particular lens, showing what was visible to the people who assembled it. Visibility is something different: an ongoing, accurate picture of what’s actually happening with your critical risks and whether the controls meant to manage them are working.

Boards are generally good at understanding this distinction when it comes to financial information:

No CFO would be satisfied with a quarterly summary of bank transactions and call it financial oversight. Financial governance requires real-time data, rolling forecasts, and the ability to see emerging problems before they become serious ones.

The standard applied to health and safety information tends to be much lower – and in most organisations, it’s lower by default rather than by design. The quarterly report is what exists, so the quarterly report is what gets used.

Why this matters more now

The Health and Safety at Work Amendment Bill, expected to pass before September 2026, makes the stakes of this gap explicit. It requires officers to verify that critical risk controls are actually being provided and used – not just that they’ve been documented or planned. That verification obligation can’t be met by reading a report assembled by someone else. It requires officers to have access to information that tells them, with reasonable confidence, what’s actually happening.

The Port of Auckland conviction reinforced the same point from a different angle. The Court drew a sharp distinction between “work as done” and “work as planned, intended, or imagined” – and held that officers are expected to maintain sufficient knowledge of the former. A quarterly report, almost by definition, describes work as imagined. It tells you what should have been happening and what people chose to report. That’s not the same thing as “work as done”.

What boards should be asking instead

None of this means quarterly reports are worthless – they serve a purpose as part of a broader governance picture. But they shouldn’t be the primary basis on which a board satisfies itself that critical risks are under control. The question isn’t whether to keep reporting; it’s what the reporting is actually for, and what sits alongside it.

A few questions worth raising with your board:

When did we last verify – not just review – the status of our critical controls? Reviewing a report that says a control is in place is different from having evidence that it’s functioning. What does our verification process actually look like?
What aren’t we seeing? Under-reporting of near-misses and minor incidents is well-documented across high-risk industries. If our numbers look clean, is that because performance is strong, or because the reporting culture doesn’t surface problems early?
How old is this information? A quarterly report presented in October describes a world from July, August, and September. In a high-risk environment, what can change in that time – and would we know if it did?
Are our critical controls defined clearly enough to be monitored? A control that’s described in general terms can’t be meaningfully verified. If the board can’t say precisely what each critical control requires and how compliance is confirmed, the reporting against it is unlikely to be reliable.

These aren’t comfortable questions, and they’re not meant to be. But they’re the questions that the current legal environment – and basic good governance – is starting to require.

The honest conversation

The shift that boards need to make isn’t about distrusting their H&S leads or demanding more paperwork. It’s about understanding what a quarterly report can and can’t tell them, and building a picture of critical risk that goes beyond it.

That means asking for verified control status alongside incident summaries. It means understanding the difference between what’s documented and what’s observable. And it means being honest, as a board, about whether the information you’re currently receiving would actually tell you if something was about to go wrong – or whether you’d find out the same way everyone else does.

Frequently asked questions

Why isn’t a quarterly H&S report enough for critical risk governance?
A quarterly report is a snapshot: selected information, assembled after the fact, describing what people chose to surface. It captures work as imagined rather than work as done. The Port of Auckland conviction and the HSWA Amendment Bill both point toward a higher standard — continuous, verified confidence in whether critical controls are actually working.

What’s the difference between a snapshot and visibility in H&S governance?
A snapshot is a periodic report — a moment in time, filtered through the reporting system. Visibility is an ongoing, accurate picture of whether critical risk controls are functioning. Most boards currently have the former; the incoming legal standard is moving toward requiring the latter.

What should a board ask about H&S reporting?
The most useful shift is from “what does the report say?” to “how do we know our critical controls are actually working?” Specifically: when were controls last verified (not just reviewed)? What might not be captured in the reporting system? How old is the information? Are controls defined precisely enough to be monitored meaningfully?

What does the HSWA Amendment Bill require in terms of reporting?
The Bill requires officers to verify — not just receive reports about — whether critical risk controls are being provided and used. That verification obligation can’t be met by reading a summary prepared by someone else. Officers need access to information that tells them, with reasonable confidence, what is actually happening on the ground.

Critter is built by IMPAC – 27 years of health and safety expertise, purpose-built for the critical risk governance challenge. Learn more about IMPAC.

See our other blogs

See all blogs

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

How to Brief Your Board on Critical Risk: A Practical Guide

Most H&S board presentations report on what happened. This guide shows H&S leads how to brief — framing critical risk governance in a way that changes what boards ask and demand.

Critical Risk Controls: The Difference Between Documented and Verified

Documenting a critical risk control and verifying it’s working are two different things. Here’s why the distinction matters – and what verification actually requires in practice.

Critical Risk and Contractor Supply Chains: Where Liability Lives

Your duty of care doesn’t stop at your organisation’s edge. For principals in high-risk industries, the supply chain is where critical risk exposure is hardest to see – and hardest to defend.

HSWA Amendment Bill 2026: What Changes for NZ Businesses

The Health and Safety at Work Amendment Bill introduces the first statutory definition of critical risk. Here’s what officers and H&S leads need to know before September 2026.

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////