Governance and internal control arrangements for tourist and heritage railways

29 June 2018

What the legislation says…

The CEO and Board (or any other person or body controlling the rail operator) are responsible for the conduct and performance of the rail transport operator.

This is reflected in the duty of the officers to exercise due diligence to ensure that the rail operator complies with its duties and obligations under the rail safety legislation. It is an important role to provide leadership and direction to, and monitoring of, the performance of railway operations.

Leaders are responsible for having knowledge and understanding of the risks associated with railway operations, legislative obligations and the level of compliance being achieved.

Appropriate governance and internal control arrangements will ensure the availability of information required to manage rail operations safely and monitor compliance with legislation. That information needs to be available to the right people at the right level within an organisation so that decision-making is effective.

To achieve this, the rail operator’s safety management system should include systems and procedures to ensure that the CEO and Board, or the people managing the railway operations have sufficient knowledge:

  • of the risk profile of the railway operations being carried out to enable the rail operator to proactively manage the risks of those railway operations
  • of the level of compliance being achieved with the rail transport operator’s duties and obligations under the legislation
  • to determine whether
    • the safety management system is working effectively
    • the risks to safety are being identified, assessed and eliminated or controlled so far as is reasonably practicable
    • controls used to monitor risks to safety are being regularly reviewed and revised.

What does governance look like in your railway?

There are many systems and procedures that may be included in a rail operator’s safety management system to ensure that senior management receives appropriate and relevant information. Examples include:

  • key safety performance measures (which may include targets where appropriate) together with regular reporting systems so that performance is known and being monitored. These measures can also be shared with volunteers and others to inform them whether targets are being met
  • escalation procedures within hazard identification processes so that unaddressed hazard reports are progressively escalated through the management hierarchy until the hazard is effectively addressed. The timing and level of escalation should be related to the level of risk associated with the hazard. Everyone at the railway should have a responsibility to identify hazards and the confidence to know they will be appropriately actioned by management
  • processes for reporting on high risk hazards identified and measures undertaken to manage those risks. Examples are boiler monitoring in steam engines and track condition reports to prevent derailments
  • processes for reporting on the way in which assets are being managed. This should extend to awareness of future renewal and upgrading programs, and how asset condition and reliability will be achieved and sustained. This may be achieved through engineering, technical and financial management, enabling safety and performance targets to be met. This has importance in heritage railways in maintaining rolling stock to operate safely
  • processes to verify that the competence of safety-critical employees continues to be managed and that the organisation retains its overall competence and capacity to conduct railway operations safely
  • processes to verify that the resources available for implementing, managing and maintaining the safety management system are sufficient.

Discretion should be used in determining the level of detail necessary in information provided to the CEO and Board (or equivalent). This will vary according to the size and governance arrangements of the organisation.

The safety management system must support the leadership role of the CEO, Board and managers. It does that by including systems and procedures to ensure that decisions and directions made by the CEO, Board and managers that affect safety are being implemented effectively. For example, a safety management system may include some of the following procedures to ensure effective implementation of safety decisions:

  • safety decisions are documented, with any necessary follow up action and person responsible for implementation noted
  • safety decisions are provided to the person responsible for implementing the decision, along with advice as to any requirements for reporting on the matter
  • safety decisions are included on an issues log (or equivalent), that is regularly reviewed
  • safety decisions are followed up until completion or the implementation is self-sustaining
  • a manager is nominated to be responsible for maintaining, reviewing and reporting on the organisation’s safety management system
  • individuals have the necessary authority to execute their responsibilities
  • individuals are held accountable for the execution of their responsibilities
  • clear lines of accountability are established for personnel certifying the safety of critical infrastructure, equipment and operations
  • personnel who manage or carry out work relating to the safety of the railway operations, or who verify such work, are given the necessary organisational freedom and technical authority to:
    • initiate, and take, action to prevent unsafe occurrences
    • initiate and make recommendations or solutions to railway safety issues through designated channels;
    • learn from railway safety occurrences and to prevent any recurrence;
    • verify the implementation of solutions;
    • control further design, construction, commissioning, operation or maintenance activities so that any observable deficiency or unsatisfactory railway safety condition is corrected
    • identify internal verification requirements, provide adequate resources and assign competent personnel for verification activities.