Fiduciary Safety Risk: 7 Board Questions for 2026

When a serious injury reaches the boardroom, the first failure is rarely the event itself, because the earlier failure was the absence of disciplined questions about warning signs. This article gives directors and senior executives seven questions that turn fiduciary safety risk from an abstract governance phrase into a repeatable board agenda.

Why fiduciary safety risk belongs on the board agenda

Fiduciary safety risk is the governance exposure created when directors and senior officers do not ask reasonable, documented questions about hazards that can injure people, stop operations, damage reputation, or trigger regulatory action. Cornell Legal Information Institute describes the duty of care as the obligation to act with reasonable diligence and prudence, and occupational safety belongs inside that diligence when the company operates plants, warehouses, fleets, construction sites, laboratories, or field service teams.

The trap is treating safety as a department report rather than a material operating risk. OSHA's General Duty Clause requires employers to provide a workplace free from recognized serious hazards, while ISO 45001 places leadership and worker participation at the center of the safety management system. A board does not run lockout, hot work, lifting, or confined-space entry, but it can require evidence that those controls are not just written, audited, and forgotten.

On the Headline Podcast, Andreza Araujo and Dr. Megan Tranter return often to the same leadership question: what does real safety look like when nobody is performing for the meeting? That question matters here because a polished dashboard can hide weak controls, underreported near misses, exhausted supervisors, and serious injury and fatality exposure that never appears in a monthly TRIR slide.

1. Are serious risks visible beyond the TRIR slide?

A board should see serious injury and fatality exposure separately from total recordable incident rate, because TRIR was not designed to show whether fatal-risk controls are reliable. In many industrial operations, one fatal-risk precursor can matter more than twelve first-aid cases, even though the smaller events dominate the conventional dashboard.

What most leadership teams miss is that a low rate can become a sedative. As Andreza Araujo argues in Muito Alem do Zero (Far Beyond Zero), zero-focused scorekeeping often rewards silence, because managers learn that the absence of recorded harm is easier to defend than the exposure of weak signals. That is not a legal conclusion; it is a leadership pattern that turns reporting into performance management.

The board question is practical: which top five fatal-risk scenarios could hurt or kill someone this quarter, and what evidence proves their barriers worked last week? Directors should ask for a view that connects SIF leading indicators, barrier status, overdue corrective actions, and operational changes such as shutdowns, contractor peaks, or production pressure.

2. Is there a named owner for each critical control?

Critical controls fail when ownership is described in generic terms such as operations, maintenance, or EHS, because nobody can prove who verified the control before the job started. A board-level safety review should require named control owners for the exposures that can produce fatalities, major environmental releases, fires, explosions, or irreversible occupational illness.

Across 25+ years leading EHS at multinationals, Andreza Araujo identifies a recurring weakness: senior leaders ask whether a procedure exists, while the real question is whether the procedure survived contact with schedule pressure, contractor interfaces, and supervisor turnover. A critical control without owner, frequency, evidence, and escalation rule is a document, not a safeguard.

Directors do not need to approve every control. They need to know that the operating system identifies who owns energy isolation, who verifies bypassed guarding, who signs rescue readiness, and who stops work when a field condition no longer matches the plan. That level of governance also makes the safety risk register more than an annual spreadsheet.

3. Does the dashboard show weak signals or only injuries?

A fiduciary safety dashboard should show weak signals before harm, because oversight that waits for injury has already missed its best intervention point. Useful signals include high-potential near misses, repeated permit deviations, overdue closure of high-risk actions, supervisor span of control, fatigue exposure, contractor turnover, and the quality of field observations.

The leadership risk is not data scarcity, since most companies collect more safety data than they interpret. The risk is that directors receive a monthly package whose numbers are clean but whose narrative is thin. If the EHS team cannot explain why one business unit reports more near misses after a leadership change, or why another reports none during a high-risk outage, the board is looking at noise.

Ask management to distinguish activity volume from signal quality. A thousand safety observations mean little if they repeat generic housekeeping comments, while three high-potential reports about the same isolation gap can justify executive action before a fatal event. The board should compare this with the logic in the executive safety dashboard, where leading indicators carry more weight than decorative totals.

4. Can management prove that bad news travels upward?

Bad news must travel upward without retaliation, because safety governance depends on information that is often inconvenient, embarrassing, or expensive. If supervisors learn that only clean numbers are rewarded, the board loses sight of the very signals it needs to discharge reasonable oversight.

On a Headline Podcast conversation about leadership influence, the practical theme was not charisma; it was whether safety professionals can tell the truth early enough to matter. Co-host Andreza Araujo's own work in Safety Culture: From Theory to Practice reinforces the same point: culture is visible in what the organization does with uncomfortable information, not in what it says during campaigns.

Directors should ask for evidence that contradicts the official story. How many stop-work events occurred without punishment? How many near-miss reports named leadership decisions as contributors? How many corrective actions required capital, staffing, or redesign rather than retraining the operator? Those questions connect fiduciary safety risk to retaliation risk after speak-up, which is often the hidden governor of reporting quality.

5. Are corrective actions reducing risk or closing paperwork?

Corrective-action closure is not proof of risk reduction, because many actions close administratively while the exposure remains alive in the work. Boards should require a distinction between actions completed, actions verified in the field, and actions that changed a critical control.

The pattern is familiar after serious incidents: retrain, rebrief, update the procedure, close the action. James Reason's work on organizational accidents helps explain why that response is insufficient when latent conditions remain in design, planning, supervision, maintenance, or resource allocation. The operator may be closest to the event, but the board's concern is whether the system learned at the right level.

A useful governance test is to sample three high-risk corrective actions from the last quarter and ask what changed in the field. If the answer is a document revision, request evidence of observed behavior, engineering change, control verification, or removal of a production conflict. This is the same discipline explored in corrective action closure, where the visible close date can hide the untouched hazard.

6. Does capital allocation match the risk narrative?

Safety statements lose credibility when the capital plan contradicts the risk register, because governance is ultimately revealed by resource allocation. If management says machine guarding, ventilation, fall protection, fleet safety, or psychosocial workload is a top exposure, the board should see how budget, staffing, and schedule decisions reflect that claim.

During the PepsiCo South America tenure, where the accident ratio fell 50% in six months, Andreza Araujo learned that results changed when leadership treated safety as operational design rather than campaign energy. The lesson for directors is uncomfortable: a board can approve growth targets that silently create safety exposure through overtime, contractor compression, deferred maintenance, or unrealistic project windows.

Ask for a capital-risk bridge. Which top risks received funding? Which did not? What interim controls are in place until funding arrives? Who accepted the residual risk, and when will it return to the board? Those questions make fiduciary safety risk concrete because they connect human exposure to business decisions that directors actually control.

7. Is the board prepared for the first 72 hours after a fatality?

A board's safety oversight is tested most severely in the first 72 hours after a fatality, because legal, ethical, operational, family, workforce, regulator, and media responsibilities arrive together. Waiting until that moment to decide who speaks, what is known, and what must not be said creates avoidable harm.

This is where fiduciary safety risk becomes human. The board is not there to script compassion, but it must verify that the organization has a response protocol that preserves evidence, respects families, protects workers from speculation, and prevents executives from filling uncertainty with defensive language. A rehearsed process is not cold; it prevents improvisation when people are grieving and the facts are incomplete.

Directors should ask for a tabletop exercise that includes operations, legal, communications, HR, EHS, and site leadership. The scenario should include a contractor fatality, a regulator request, a family notification, a social media leak, and a production-continuity decision. That exercise should align with the 72-hour executive playbook rather than becoming a narrow communications drill.

Each quarter without a board-level safety risk routine allows weak signals to age inside the organization, while directors continue making capital, production, and leadership decisions with incomplete exposure data.

Board safety oversight vs fiduciary safety risk

Board safety oversight asks whether safety is being managed, while fiduciary safety risk asks whether directors have enough evidence to show reasonable diligence when serious hazards are foreseeable. The difference is subtle in meeting minutes and enormous after a serious event.

What boards should do next

Fiduciary safety risk is not a request for directors to become safety technicians; it is a request for directors to ask better questions about hazards that can alter lives, operations, and enterprise value. The practical move is to replace passive safety reporting with a quarterly serious-risk review whose agenda includes critical controls, weak signals, speak-up quality, corrective-action effectiveness, capital decisions, and emergency readiness.

The Headline Podcast is the space where leadership and safety come together to shape better workplaces and better lives. If your board or senior leadership team needs sharper safety conversations, start with one agenda item at the next meeting: ask management to bring the top five serious-risk scenarios and the evidence that their controls worked in the last thirty days.