95-0130 Audits [PDF]
Shell International Exploration and Production B.V. Manual for SIEPled HSE Auditing EP 95-0130 HSE MANUAL Revision 0:
28 0 265KB
Papiere empfehlen
![95-0130 Audits [PDF]](https://vdoc.tips/img/200x200/95-0130-audits.jpg)
- Author / Uploaded
- Clive Nicli
Datei wird geladen, bitte warten...
Zitiervorschau
Shell International Exploration and Production B.V.
Manual for SIEPled HSE Auditing
EP 95-0130
HSE MANUAL Revision 0: 1 August 1996
EP HSE Manual Amendment Record Sheet Section Number: EP 95-0130 Section Title: Manual for SIEP-led HSE Auditing
Rev. No. 0
Chapter Nos. All
Description of amendment
First Issue
Date
Amended by
1/8/1996
EPS-HE
Contents
CONTENTS Foreword 1
12.2 Administration
33
Appendices
3
1.1
Introduction
3
1.2
Purpose of HSE Audits
3
1.3
Objective of SIEP-Led Audits
3
1.4
Business controls and HSE-MS Auditing
4
2
The Internal Audit Process
5
3
Direct the Audit Process
7
4
Plan Audits
9
4.1
HSE Audit philosophy and programme
9
4.2
Frequency of HSE Audits
9
4.3
Standard HSE Audit packages
9
4.4
Formulation of HSE Audit plans
11
4.5
Duration of HSE Audits
12
5
Schedule SIEP-led Audits
5.1
Terms of reference
13
5.2
Audit team composition
15
5.3
Audit timing and duration
16
6
Perform Audits
6.1
Auditkit
17
6.2
Opening presentations and team briefing
17
6.3
Organisation
17
6.4
Finalisation of the Audit
19
7
Apply Results
23
8
Monitor Follow-Up
25
9
Analyse and Improve Process
27
10
Assess Overall Control Framework 29
11
Initiate Improvements to Framework
31
Manage Staffing and Administration
33
EP 95-0130 Revision 0 1 August 1996
33
1
Rationale for Independent HSE-MS Auditing
12
12.1 Staffing
I II III
Guidelines for the Application of Health, Safety and Environmental (HSE) Auditing
35
HSE-MS Audit Report - Model Contents Listing
41
HSE-MS Assessment Elements
55
Glossary of Terms and Abbreviations used
57
References
59
13
17
i
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing This page intentionally left blank.
ii
EP 95-0130 Revision 0 1 August 1996
Foreword
Foreword Group-wide requirements covering all types of audits are defined in the Internal Audit Guidelines (IAG) (Ref 1) issued by the Corporate Centre Internal Audit Department, and amplified in the 'Guidelines for the Application of Health, Safety and Environmental (HSE) Auditing' issued by the Group HSE Adviser. These guidelines are included in this manual as Appendix 1. This manual represents the application of these Group guidelines in the context of independent SIEPled HSE auditing with supplementary requirements being defined by the EPS-HE function in the SIEP Strategy and Business Services Directorate (SBS). The objective of this document is to convey the principles and practice of independent SIEP-led HSE auditing in an HSE Management System (HSEMS) context as practised in the EP Operating Units (OUs). As such it constitutes the Sector guidance required by Appendix 1. This manual provides guidance to lead auditors, audit team members, auditees and line managers. It provides a methodology for balanced judgement of OU performance along HSE-MS principles following a structured auditing technique. It is HSE specific and is consistent with the higher level documents in SIEP and the Group. Generic principles, also applicable to non-HSE audits, as provided in the higher level documents are repeated in this document where they are considered to underpin the principles. The structure of this manual will be updated at regular intervals to reflect changes in the SIEP role in HSE auditing or practical experience of SIEP lead auditors gained whilst conducting audits. The contents of this manual may assist OUs with an internal HSE auditing process along principles similar to SIEP-led audits.
EP 95-0130 Revision 0 1 August 1996
3
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing This page intentionally left blank.
4
EP 95-0130 Revision 0 1 August 1996
1 Rationale for independent HSE-MS auditing
1
Rationale for Independent HSE-MS Auditing
1.1 Introduction The Statement of General Business Principles (Ref. 2) provides policy guidance covering all Group activity. The Shell Group HSE policy is outlined as follows: 'It is the policy of Shell companies to conduct their activities in such a way as to take foremost account of the health and safety of their employees and of other persons, and to give proper regard to the conservation of the environment. Shell companies pursue a policy of continuous improvement in the measures taken to protect the health, safety and environment of those who may be affected by their activities. Shell companies establish health, safety and environmental practices and integrate them in a commercially sound manner into each business as an essential element of management'. In order to comply with the above and other policy elements, specific responsibilities have been delegated to the managers of the individual OUs. The introduction to Business Control Guidelines (Ref. 3) states: ' It is the responsibility of chief executives and managers in Group companies to establish, maintain, operate and demonstrate an appropriate framework of business controls. The framework should cover all activities of a company, whether operational, technical, commercial, financial or administrative'.
1.2 Purpose of HSE Audits With reference to the above, audit is a structured and independent means to demonstrate that the required business controls framework is appropriate and effective. The Guidelines for the Application of Health, Safety and Environmental (HSE) Auditing (Appendix 1) outline the purpose of HSE audits as follows: ' The overriding purpose of HSE auditing should be to provide OpCo management a systematic and independent assessment of the consistent and effective implementation of the HSE-MS. The HSE audit process should enable OpCo management to ensure that potential or actual flaws are remedied through effective follow-up action. BusComs will monitor this (in their shareholder role) and may insist that follow-up action is completed or improved where necessary.' Reference is made to Appendix 4 for audit definition.
1.3 Objective of SIEP-Led Audits Appendix 1 further outlines the role of the Services Companies (ServCos) in independent HSE audits as follows: ' Shareholders will expect OpCos' audit programmes to include independent HSE audits.' ' OpCos will usually engage HSE advisers in the Service Companies to conduct independent HSE-MS audits.' ' OpCos too small for effective internal audit shall make use of independent auditors.' Independent has been used here to mean an HSE audit of an OpCo carried out by a body external to the OpCo. In the EP environment it covers OU audits led by either SIEP (functional internal audit) or by a non-Group organisation (external audit). Conducting has been used here to mean leading the audits. Thus it follows that the objective of SIEP-led HSE auditing is to provide independent assurance to OU management to enable them to demonstrate to shareholders that the HSE aspects of a company's
EP 95-0130 Revision 0 1 August 1996
5
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing activity (or a defined part of that activity) are adequately managed. Appendix 1 states: ' These audits provide independent verification of the effectiveness of the OpCo HSE-MS, including internal HSE audit, and the strength of the framework of control.' ' The report shall provide an overall rating of HSE controls against specific standards using a defined technique'.' ' The report shall identify significant deficiencies against standards, and recommendations shall be as specific as the team allows.' ' Specificity and transparency of the audit will be the key.'
1.4 Business controls and HSE-MS Auditing Quality management principles demand that business controls are integrated within a management system, and that correct operation of the system is verified by audit. The required HSE Management System (HSE-MS) is defined in the document of that name (Ref. 4) by the Group HSE Committee in 1994. The HSE-MS incorporates the generic controls as defined in Business Controls Guidelines (Ref. 3) and provides specific detail and focus on HSE aspects, including the Hazard and Effects Management Process (HEMP). An HSE-MS in its highest level overview can be illustrated as follows: The HSE Management System Leadership and Commitment Policy and Strategic Objectives Organisation, Responsibilities Resources, Standards & Doc. Hazard and Effects Management Planning & Procedures Implementation
Corrective Action
Monitoring
Audit
Corrective Action & Improvement
Management Review
Corrective Action & Improvement
HSE-MS audits are an integral part of this system and assess the effectiveness of the application of this system. The following chapters will define the methodology and procedures for SIEP-led HSE auditing in HSE-MS context.
6
EP 95-0130 Revision 0 1 August 1996
2 The internal audit process
2
The Internal Audit Process
SIEP-led audits are part of the OU Internal Audit (IA) process.
The IA process as defined in the Internal Audit Process Model (IAPM) of the IAG (Ref. 1) is applicable to all types of audits, including HSE Audits, irrespective of whether these are OUled audits or independent audits led by SIEP staff. The IAPM is represented as follows: Internal Audit Process Model AUD-05
AUD-35
Initiate Improvements to Framework
Direct the Audit Process
Plan Audits AUD-10
Schedule Audits AUD-15
Perform Audits
Apply Results
AUD-20
Assess Overall Control Framework
Monitor Follow-up AUD-25
Analyse/ Improve Process AUD-30
Manage Staffing/Administration AUD-05
In this diagram, activities in boxes with dashed borders are not strictly part of the IA process. However, as these activities are routinely reviewed as part of HSE audit scopes they are included to provide overview and to illustrate interfaces with other processes. Similarly, the 10 IAPM elements, as applied to SIEP-led HSE audits, are used to structure the core chapters 3-12 of this guideline. The integration of IA in the business is illustrated in module A-02 of the EP Business Model (EPBM) (Ref. 5).
EP 95-0130 Revision 0 1 August 1996
7
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing This page intentionally left blank.
8
EP 95-0130 Revision 0 1 August 1996
3 Direct the audit process
3
Direct the Audit Process
Direction of the OU audit process is the responsibility of the Internal Audit Committee (IAC), the composition of which is determined by the OU. The role of the IAC, defined in the IAG (Ref. 1), relates to all types of audit including financial, commercial and technical. The Internal Audit and HSE Managers normally attend the IAC.
Fundamental to directing the audit process is the production and maintenance of adequate audit guidelines - which include standards and procedures - and ensuring their effective application. Each OU determines its own internal HSE audit guidelines which, consistent with Group guidelines, should include the following as a minimum: mission and vision statements for HSE, including auditing, required strategic development direction of HSE auditing, types of audit to be conducted, minimum frequency for each type of audit, duration range for each type of audit, requirements for evaluation and assessment, and requirements for follow-up of audit recommendations. As a further element of the audit direction process, shareholders will expect OU audit programmes to include independent HSE audits. Appendix 1 states: ' Independent audits shall verify the internal HSE audit process, testing reports, working files and implementation control, with sufficient sampling of operations to test effectiveness.'
As such: ' OpCo audit guidelines will identify the proportion of the total HSE audits to be independent audits, within BusCom guidelines.' ' The BusComs will monitor that OpCos have a structured programme for HSE audits in place.' The OU internal HSE audit guidelines need to be updated from time to time in light of changes in risks or risk acceptance criteria resulting from changing internal and external forces which include legislation and technological development. Also included within the audit directing process is final approval of the annual OU audit plan, the formulation of which is covered in the Chapter 4.
EP 95-0130 Revision 0 1 August 1996
9
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing This page intentionally left blank.
10
EP 95-0130 Revision 0 1 August 1996
4 Plan audits
4
Plan Audits
4.1
HSE Audit philosophy and programme
The IAG (Ref. 1) requires that each OU develop an audit programme to cover all processes within a five-year cycle. For EP OUs, the processes are defined in the EPBM (Ref. 5) which illustrates that about half of the total process elements are considered to be HSE-critical and should be subject to HSE audit. The portion of HSE-critical process elements varies from around 70% for key asset management and related execution processes to less than 10% for support processes. OUs should structure their HSE audit programme in a manner which demonstrably covers all HSE-critical processes. Appendix 1 states: ' In many OpCos a formal HSE-MS, with HSE Cases for critical activities, is the mechanism for such identification and control of risk and HSE audit is an important part of any HSE-MS.' An audit philosophy along HSE risk-based criteria will provide the basis for an effective and efficient audit programme. In developing a risk-based audit programme - what audits should be performed, why and when - HSE-MS and HSE Case documentation should serve as a key reference. These should provide a comprehensive listing of processes, events and activities which are considered critical to the OU in terms of health, safety and environmental risk. It is recognised that many OUs are yet to develop their audit philosophy in full along HSE risk-based criteria.
4.2
Frequency of HSE Audits
Frequency definition for of each type of HSE audit is an OU responsibility and the frequencies should be specified in the OU HSE Audit Guidelines. As a guideline, Appendix 1 states: ' All business processes should be periodically audited, and the frequency and depth of HSE auditing of a particular activity should be appropriate for the degree of potential risk. Only OpCo management can fully assess their local circumstances and select the appropriate frequency and depth of auditing appropriate for each activity. This selection shall be formal and transparent, and shall be regularly reviewed to take account of experience of incidents and changes in the OpCo's environment. An audit cycle should not be longer than five years as in that time major changes may have taken place and the consequences for the integrity of the control framework need to be verified.' In following the above, the frequency at which individual processes or assets are audited should be subject to the degree of HSE risk, the criticality of the process in relation to the business objectives and the perceived degree of control of that process. As such even well controlled processes or well managed assets may need to be audited more frequently than once every five years.
4.3
Standard HSE Audit packages
With reference to the EPBM (Ref. 5) EPS-HE have developed the following standard HSE audit packages: Facility Operations HSE audits, Facility Start-up HSE audits, Seismic HSE audits, Drilling HSE audits, Environmental audits, and
EP 95-0130 Revision 0 1 August 1996
11
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing
Occupational Health audits These standard types of audit focus on the HSE-critical activities as indicated below: Types of HSE Audit in the EPBM Opco Management - Health
Occupational Health
Opco Management - Environment
Environment Activity (Transport)
Materials & Transport
Explore
Appraise
Develop
Produce
Abandon
Drilling & Well Operations
Facility Operations Drilling
Survey Operations Facilities Design & Construction
Seismic Facility Start-up
The sequential driver activity Produce is individually assessed by facilities audits. Other sequential driver activities i.e. Explore, Appraise, Develop and Abandon, are assessed by audits of the recurrent execution activities as follows: Drilling and Well Operations as Drilling Audits. Survey Operations as Seismic Audits. Facility Design and Construction as Start Up Audits Abandonment should be subject to an environmental audit. Air operations are subject to audit by Shell Aircraft. The standard packages provide for common audit methodology and scope along approved Group and SIEP guidelines. These comprise BusCom standards which are compatible with IAG and corporate HSE guidelines. Reference is made to Appendix 2 for a scope description of these audit types. The first four of the above audits types are structured to provide comprehensive coverage of all elements of the HSE-MS; their scope includes detailed reference to HSE Case documentation or risk analysis material already available within the OU. The separate Occupational Health and Environmental audits are aimed at OU-wide management. These require SIEP specialist skills additional to the level normally provided in conducting the first four audit types.
All audits, regardless of being OU or SIEP-led, are essentially review processes of the OU business controls to establish that they are applied, effectively and efficiently, and comply with OU requirements. For HSE audits it is essential to verify that all risks have been identified, adequate controls have been identified and that controls are complied with. Given the inevitably wide scope and limited duration of SIEP-led HSE audits, this verification will be done via sampling as detailed verification of all the risk elements of the audited facility or activity cannot be achieved. As such the SIEP-led audits focus on: verification that structured risk assessment has been applied to the key HSE risk elements of the facility or activity, sample whether these risks have been appropriately assessed and the correct controls have been identified, and sample whether these controls are adequately implemented and complied with. By limiting the audit scope the sampling can be improved thus the verification can be done more
12
EP 95-0130 Revision 0 1 August 1996
4 Plan audits thoroughly. The standard audit packages provide guidelines to meet these principle objectives in which compliance observations are the key towards conclusions on adequacy of controls. Where possible SIEP-led audits will attempt to identify root causes for the observed deficiencies. The packages are OU independent and, with reference to Chapter 6, the contents will require some tailoring to fit the defined scope for individual OU audits.
In addition to the above, on OU request, SIEP will provide HSE auditing services as related to miscellaneous OU specific activity or theme audits, such as: Transport audits, Emergency Response audits, HSE management of contractors audits, Permit To Work audits, and HSE training audits Whereas these are covered in considerable depth in the first four of the above standard packages, OU specific circumstances may occasionally justify a more concentrated assessment in dedicated audits. The scope definition for these audits will invariably require more dialogue between the OU and assigned SIEP lead auditors when compared to the standard packages.
4.4
Formulation of HSE Audit plans
HSE audit plans should be prepared as integral elements of the OU annual business planning cycle. The timing of individual HSE audits should be determined and prioritised by the OUs IA Department in consultation with HSE and line managers and potential auditees, taking account of risk criteria and any new or revised business objectives. The typical five-year cycle audit plans should identify: Year 1:
precise audit scope, outline terms of reference and timing of audits
Year 2:
outline scope and quarterly phasing for Year 2
Year 3-5:
categories/titles per year.
There should be demonstrable continuity in each annual update of the five-year plan. It is at this stage that OUs, within New and Regional Business Directorates (N/RBD) guidelines, will determine which of the planned HSE audits will be SIEP-led. Appendix 1 states: 'Having established the total long term audit plan, the OpCo should identify the proportion to be independent audits as opposed to internal audits, within such guidelines as may be issued by the BusCom.' Following agreement of the plans with the N/RBDs, the plans for SIEP-led HSE audits should be submitted to EPS-HE for resource planning and execution scheduling within the overall EP independent HSE audit programme. Timing of plan submissions should be in accordance with the SIEP planning cycle, the details of which are communicated to each OU at the appropriate juncture in the cycle. Plans for SIEP-led HSE audits must be firmed-up in advance of the commencement of Year 1. EPS-HE should then nominate a leader for each audit identified as SIEP-led HSE audit (refer to Chapter 12).
4.5
Duration of HSE Audits
EP 95-0130 Revision 0 1 August 1996
13
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing
Audit duration is determined by the audit scope, the principles of team building, OU participation for ownership and the need to present a report on site. With reference to the scope typically covered in the standard audit packages as per Chapter 4.3 above, experience has led to the following recommended BusCom standards for SIEP-led audits: Facilities audits
- 16-18
days
Start-up audits
- 14-16
days
Activity audits
- 12-18
days
Environmental audits
- 12-14
days
Drilling audits
- 10-14
days
Seismic audits
- 8-10
days
Occupational Health audits
- 7-12
days
OU plans for SIEP-led audits should be based on these durations whereas the precise duration of each audit is determined as part of the detailed scheduling process of the individual audits. Deviations from these guidelines may be justified following detailed consideration of the Terms of Reference (see Chapter 5) and scope, and require approval by the nominated SIEP audit leader.
14
EP 95-0130 Revision 0 1 August 1996
5 Schedule SIEP-led audits
5
Schedule SIEP-led Audits
5.1 Terms of reference The first step in scheduling any audit is to define the detailed Terms of Reference (TOR) as these may affect resource requirements and dictate the mix of skills required within the audit team. For SIEP-led audits, either the auditee or the SIEP audit leader may initiate the TOR definition process, but it is the audit leader's responsibility to ensure that this process commences at least three months in advance of the planned start date. The TOR must have been agreed between auditee and audit leader prior to the start of the audit. If this can not be achieved, the audit must be deferred until such time that agreement is reached. Specifically for SIEP-led audits the TOR must be agreed at least one month in advance to secure a confirmed start date with a view to travel arrangements. The TOR must confirm objective, scope, standards, auditee, team members (see Chapter 5.2), audit methodology, and reporting requirements
Objective With reference to Sections 1.2 and 1.3 above, the principal objective of all HSE audits (except facility start-up audits - see below), whether OU- or SIEP-led, is to assess the effectiveness of the corporate HSE management system as applied to the specific facility, operation or activity. In this context the HSE management system is either the formally defined HSE-MS or, where this does not exist, the totality of those systems, procedures and practices used by the OU to manage HSE.
The principal objectives of a facility pre start-up audit differ slightly from the above but are essentially to verify that: the facility itself is in a fit state for start-up from an HSE perspective, all associated resources, controls, procedures and services are available to support the new activity, and HSE management was effective through development, construction and commissioning of the facility. The audit observations and recommendations in this context will be of marginal benefit to the audited project, however learning points may be identified for future OU projects of a similar nature. Supplementary audit objectives may be defined as appropriate to the specific needs of the individual OU or as dovetailing with the specialist expertise of the individual audit team members. This is an OU responsibility. As a standard all SIEP-led audits will deliver an opinion on the overall level of control in relation to the individual elements of the HSE-MS. Depending on the results of this detailed assessment the audit will be considered 'satisfactory' or 'unsatisfactory' (Chapter 6.4).
Scope Definition of audit boundaries or scope for SIEP-led HSE audits is an OU responsibility and should be in accordance with the outline agreed between OU and N/RBD in the Audit Plan. The scope should include the entirety of the subject facility, operation or activity as appropriate, including all relevant interfaces. The scope definition should be as specific as possible in relation to the audit type. Where an EPS-HE standard package has been selected for conducting the audit, the scope should be tailored to the standard audit methodology as detailed in this manual. For example, the scope definition for a facility audit should define boundary limits, specifically including or
EP 95-0130 Revision 0 1 August 1996
15
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing excluding named up- and down-stream pipelines and adjacent facilities. If a SIEP-led audit has not been conducted in an OU for more than a year, it is recommended that the audit scope includes assessment of the broader aspects of corporate HSE-MS, including for example management commitment and leadership, HSE policy, audit, etc. (refer to Chapter 6.4). As the audit results in this scope context will usually be beyond the control sphere of the auditee, observations and recommendations should be aimed at senior management and IAC level.
Standards The standards for assessment for all HSE audits should include, in priority order: laws and regulations of the country, OU current standards and procedures including HSE-MS and HSE Case(s), and standards specified in the Basis for Design (covering design, construction, commissioning and operation). SIEP-led audits will be expected to comment on any shortfall in the above in relation to Group policies, guidelines and standards.
Auditee and Co-ordinator Nominating the auditee is an OU responsibility. The auditee should be an individual, preferably the asset holder or process owner, clearly identified by name and/or reference indicator. Multiple auditees should be avoided by nominating an auditee at the higher level where overall accountability for the audited operation or facility is accepted. Early nomination of an audit co-ordinator has been proven instrumental in getting SIEP-led audits off to an efficient start. The incumbent will be required to assist in liaison between auditee and SIEP and arrange logistics, offices, documentation and accommodation for SIEP and third party audit team members. Combining these activities with the auditee responsibilities is usually unsuccessful.
Methodology and structure As a common approach to all audits, audit team members are required to gather information by observation, through interviews and by checks of hardware and documentation. An essential element in the audit process is the conscientious verification of facts and findings and the confirmation of the validity of recommended actions. Where judgement is required, the result should be determined by consensus within the audit team in which the audit leader has overall responsibility for reaching a conclusion. All SIEP-led HSE audits will, in principle, be conducted in accordance with BusCom standards, which follow the principles as documented in HSE Manual (EP 95000). In the short term (until the end of 1997), there may be circumstances in which OUs may request audits to be based on the Enhanced Safety Management (ESM) principles as outlined in EP 55000-14.
Reporting Reporting requirements in the TOR should provide for the audit results to be presented to the auditee and relevant members of OU management, and for delivery of a draft report at the end of the audit.
Reports of SIEP-led HSE audits will be stand-alone. Appendix 1 states that: 'Findings shall be detailed and effective. Follow-up actions shall be defined and secured.' The report will contain recommended actions which are classified in accordance with the seriousness
16
EP 95-0130 Revision 0 1 August 1996
5 Schedule SIEP-led audits of the observed and documented weaknesses or deficiencies. All SIEP-led audits will use the classification methodology as outlined in the IAG (Ref. 1). Further details are provided in Chapter 6.3. The classification of individual recommendations may form the basis for OU-specific ranking methodology. Where practical, weaknesses and recommendations will be grouped together to facilitate further analysis of root causes and formulation of generic recommendations. Where identified, structural weaknesses, deficiencies and recommendations will be highlighted in the report Main Findings. Notwithstanding this, translating audit observations and recommendations into agreed actions assigned to action parties is essentially a post audit activity and is an OU responsibility. The report will demonstrate how either the individual or the aggregate of the observed weaknesses have been used to assess the individual HSE-MS elements of the subject facility, operation or activity. Further details are provided in Chapter 6.4. Following the completion of final report editing in Central Offices, the SIEP audit leader will, within one month of the end of the audit, issue the formal report as per the agreed distribution list. Distribution will be restricted to OU-approved addressees which should include EPS-HE and the relevant N/RBD. Although the report will be registered with the SIEP EP library, the OU will remain the owner of the report and as such will define access.
5.2
Audit team composition
The correct balance of skills, expertise and seniority in an audit team is a critical success factor in the outcome of any audit. Full agreement is required between OU auditee and SIEP audit leader prior to undertaking the audit in which either party has the authority to decline the audit when an appropriate team cannot be made available. Qualification criteria for SIEP audit leaders are detailed in Chapter 12. Audit team members should be selected such that their skills are appropriate to the audit type and scope. If an OU lacks the appropriate skills and expertise to provide a suitable audit team, the SIEP team leader will resource additional team members from SIEP or other resource pools. This will be agreed with the auditee in advance. To ensure independence in assessing the individual and overall level of HSE control the SIEP-led audit team should ideally be an equal mix of SIEP and OU personnel. As a minimum, two SIEP members (including team leader) are recommended. Team members from third parties or other OUs may be proposed by either OU or SIEP where this would add value to the audit. Team members should normally be JG2/3, although a JG4 may be included where the incumbent has specific expertise relevant to the audit scope. As a minimum, one of the OU team members should be sufficiently senior to represent the management view to the remainder of the audit team. In the interests of maintaining independence and objectivity, not more than one member of the audit team should be directly involved in the audited operation. For similar reasons, SIEP auditors will not normally participate in OU audits within two years following an assignment in that OU.
All team members should be notified of their inclusion within the audit team at least three weeks prior to the start date. They should each be briefed on the TOR and, if it is their first audit, the audit process. The responsibilities for these briefings are as follows: OU IA department representative for OU team members, SIEP audit leader for SIEP team members, IA department representative for those third-party team members nominated by the OU to participate in the audit, and SIEP audit leader for those third-party team members nominated by SIEP to participate in the audits.
EP 95-0130 Revision 0 1 August 1996
17
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing As a minimum, prior to commencing the audit, all team members should be expected to have read the guidelines as contained in this document. All team members must commit to participate full-time in the audit unless agreed otherwise by the audit leader in advance of confirmation of the team composition.
5.3
Audit timing and duration
The start date for an audit should be arranged by mutual agreement between the auditee and the audit leader. The precise timing of facility and activity HSE audits is normally not critical and these should be closely aligned with the annual audit plans. The timing of pre start-up audits, being project-related, requires a balance between project completion - i.e. preparedness for audit - and time required for corrections as resulting from critical audit findings. Ultimately, the auditee should decide the startdate which should be fixed at least one month in advance of commencement of the pre start-up audit. Durations of SIEP-led audits should normally align with those given in Section 4.5. However, taking into account the specific audit scope, the auditee, audit leader, IA Department representative or the relevant line manager may propose a duration outside the recommended time frame. Such variations must be agreed by the SIEP audit leader who carries ultimate responsibility for the successful completion of the audit. All SIEP-led HSE audits include an element of training for those team members which are lacking in previous HSE audit experience. This will be provided by the audit leader at the commencement of the audit. The time required for this is included in the guidelines provided in Section 4.5.
18
EP 95-0130 Revision 0 1 August 1996
6 Perform audits
6
Perform Audits
6.1
Auditkit
'Auditkit' presents a task listing and set of tools to aid the SIEP audit leader in the conduct of an audit. It includes sample slide presentations, questionnaires, templates and guidelines and can be customised and supplemented by the leader to suit the individual audit requirements. Use of 'Auditkit' forms part of the training of SIEP audit leaders. 'Auditkit' is available on the EP 95000 CD-ROM and on the Shell World Wide WEB. In using 'Auditkit' from CD-ROM it is advisable to verify the latest version with EPS-HE, as it is planned to update 'Auditkit' on a regular basis. The following is an explanation of the generic audit process, the detail of which will be defined by the audit leader at commencement of each audit.
6.2
Opening presentations and team briefing
Each SIEP-led audit will commence with an opening presentation by the audit leader to the auditee and relevant members of line management. This presentation should cover: introduction of team members, terms of reference, audit methodology, locations to be visited, interviewing methodology, planned timetable, report outline, classification and assessment criteria, and date and time of the final presentation of audit results Ideally, the opening presentation should be followed by a presentation by the auditee to familiarise the team with the audited operation, explain corporate and departmental objectives, summarise HSE performance and to identify any areas requiring special attention or sensitivity. These initial presentations should be followed by a team meeting in which the audit leader briefs the team members on the conduct of the audit, allocates areas of investigation to team members and makes plans for team visits. This meeting will also identify the report structure and outline the report contents listing. Depending on the composition of the team and their previous audit experience, the initial part of the briefing may include an element of training in audit techniques.
6.3
Organisation
The team briefing slides in 'Auditkit' may be used by the leader at key milestones throughout the audit. They remind team members of key aspects to facilitate the smooth running of the audit and production of a quality report. Aspects included are interview strategy and guidelines on conduct, verification of findings, identification of root causes of deficiencies, formulating audit actions and report drafting/formatting.
EP 95-0130 Revision 0 1 August 1996
19
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing
Work distribution Following team introduction, the team leader will assign responsibilities for writing sections of the audit report to individual team members, depending their specific expertise.
Team management Team members are normally paired in relation to the expertise of individuals and the assigned tasks. Each pair makes its individual programme of document reviews, visits and interviews. Following this preparation, further team meetings will confirm plans and eliminate possible overlaps or omissions in the audit scope.
Facility/activity visits It is useful, early in the programme, for the whole team to visit the main audited location as a group, accompanied by the auditee or his delegate. This will help the audit team gain an overview and allow the more experienced auditors in the team to identify "leads" to the less experienced members. Individual auditor visits will be conducted at a later stage in the audit.
Documentation of facts/findings As the audit progresses, team members should document and verify their findings and formulate remedial actions. Frequent team meetings should be held to allow team members to share findings, use team expertise in defining actions, discuss issues, identify underlying root causes and define the recommendations of a broader nature.
Audit report contents The standard report contents for SIEP-led audits conducted in accordance with EP 95000 methodology is given in Appendix 2. The report index is essentially structured in line with the elements of the model HSE-MS and is subdivided to facilitate the assessment process. The report comprises: Chapter 1: Chapter 2: Chapter 3: Chapter 4:
the executive summary including main audit findings and assessment results. audit administration details including TOR and audit follow-up. the generic elements of the HSE-MS, applicable to all types of HSE-MS audit. the elements specific to the audit type.
Where available, HSE-MS and HSE Case documentation will be key reference material for both audit review and report documentation. The standard index of report Chapters 3 and 4 may, if necessary, be adjusted to meet the specific scope and requirements of the audit. The proposed listing is designed to provide comprehensive coverage when used in conjunction with the questionnaires in 'Auditkit' and significant variation should be unnecessary.
Report drafting One or more drafts of the audit report may be made and distributed among the team to promote cohesion, identify gaps, eliminate overlaps and improve structure and quality of the document. Team members should be encouraged to discuss their drafts with appropriate staff within the audited organisation in order to improve quality and transparency of their findings and recommendations, minimise later misunderstanding and maximise buy-in to the audit results. Certain parts of Chapters 3 and 4 are interlinked and care is required to avoid duplication. The detailed audit findings and recommendations should be given in Chapter 4 whereas Chapter 3 should focus on the root causes and recommendations related to the findings of Chapter 4.
20
EP 95-0130 Revision 0 1 August 1996
6 Perform audits
Audit recommendations Particular attention will be required to ensure that audit recommendations are stand-alone and SMART - Specific, Measurable, Achievable, Realistic and Time-based. The audit team may include views on required urgency, but defining the implementation timing of individual audit recommendations remains an auditee responsibility.
All audit recommendations will be classified in accordance with the definitions of the IAG (Ref. 1) for rating of weaknesses. In an HSE context these are translated as follows: Weakness Level
Definition
Serious
A serious weakness exposes the company to a major extent in terms of achievement of the corporate HSE objectives or results.
High
A high weakness is one which, though not serious, is essential to be brought to the attention of the senior management team. This should also include any otherwise medium weakness which is a repeat finding from a previous report.
Medium
A medium weakness could result in a perceptible and undesirable effect on achievement of HSE objectives.
Low
A low weakness has no major HSE impact at the process level but nevertheless its correction will assure greater effectiveness/efficiency in the process concerned.
In experiencing difficulty in establishing weakness levels, weaknesses may be ranked in terms of the expected impact, and dividing lines may be drawn to establish precise cut-off points. Classification should preferably be based on team consensus, but ultimate accountability for classification lies with the audit leader. All observations of weaknesses leading to recommendations will be detailed in the audit report. The recommendations subsequently classified as 'low' will be excluded from the audit report and will be issued as an audit memo from the audit leader to the auditee. The memo will be appended to the audit report. Weaknesses are classified as part of the audit process to assist auditors in arriving at the assessment of the individual HSE-MS elements and the subsequent overall audit result. Auditee disagreement with the documented classifications should not preclude timely close-out of the audit recommendations inclusive of documented audit trail.
6.4
Finalisation of the Audit
Report editing The final draft report should be reviewed and agreed by all team members. The most effective method for this is a team editing session in which the report is projected from a word processor onto a screen visible to the whole team. Each section is then reviewed in its entirety and issues are discussed with the objective of obtaining unanimous agreement on final report text with each member offering his comments. Audit leaders shall have editorial control and a deciding vote in case of disagreements. Editing may be conducted "on line" as the session progresses.
Audit assessment of level of controls One of the final stages in completing the audit is the delivery of an audit opinion on the level of control for the individual elements of the model HSE-MS. Whereas the model contains 8 elements this assessment is conducted along 10 elements which are as follows: 1 Leadership and Commitment
EP 95-0130 Revision 0 1 August 1996
21
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing 2 Policy and Strategic Objectives 3 Organisation and Responsibilities 4 Resources and Competence Assurance 5 HEMP 6 Planning 7 Standards, Procedures and Document Control 8 Implementation and Monitoring 9 Audit 10 Management Review Appendix 3 details the rationale for selection of these elements from the model HSE-MS.
22
EP 95-0130 Revision 0 1 August 1996
6 Perform audits
The assessment terminology in the IAG (Ref. 1) is as follows: Audit Opinion
Level of concern
Inference for senior management
Good
Specific
No follow-up required by auditee's function head (IAC) member.
Fair
Overall scope for enhancement
In addition to following up correction of any high or medium weaknesses the function head should encourage general improvement in control awareness.
Unsatisfactory
Overall cause for concern
In addition to following up correction of any high or medium weaknesses the function head should take affirmative action to ensure that control standards in this area are raised.
Unacceptable
Overall cause for grave concern
In addition to following up correction of serious, high or medium weaknesses the function head should satisfy the senior management team concerning affirmative action to raise control standards in this area.
The existing four point scale currently used in SIEP-led HSE audits is essentially equivalent to the IAG terminology. Its precise wording has been formulated to improve focus and clarity of the audit statement and as such it will be retained as follows:
Audit Opinion
Inference for senior management
++
A high standard of control requiring no additional management attention.
+
A high enough standard of control for improvements to be handled by the normal management involvement.
-
Essential controls are in place, but deficiencies require focused management intervention.
--
Essential controls are missing or ineffective. Prompt management action is needed.
Having read the draft audit report in detail, and having participated in the report editing sessions and the classification of weaknesses and recommendations, each team member should make his own assessment of each element. An audit assessment questionnaire, an example of which is provided in 'Auditkit', may be used to structure this process. The results should then be debated within the team until a consensus is achieved, although ultimate accountability for assessment lies with the audit leader. To arrive at the audit opinion on the overall level of control for the subject area, any HSE-MS element assessed to be 'double negative' will result in an 'unsatisfactory' audit.
Main findings Having completed the assessment of the HSE-MS elements and concluded the overall audit result, the Main Findings should be drafted by the leader and reviewed and agreed within the team. Where possible they will highlight root causes for the observed deficiencies. They should be communicated, together with HSE-MS element assessment and the audit opinion, to the auditee not later than the end of the working day preceding the concluding presentation of the audit results. Whilst the content of the Main Findings is determined and agreed by the team, the leader should agree the factual correctness and discuss the precise wording with the auditee. Every effort should be made to provide the auditee with a preliminary draft report to assist in understanding the context of the Main Findings.
Final presentation With the final draft report complete, a formal presentation should be given to the auditee by the team leader, in the presence of the whole audit team. The presentation should be a factual summary of the
EP 95-0130 Revision 0 1 August 1996
23
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing findings, key recommendations and assessment results. Selection and invitation of the audience is an auditee responsibility but should include the auditee's immediate supervisor or manager. Other interested managers and staff may attend. Although preferably conducted by the auditee following the audit, the audit leader, at auditee request, may give additional presentations to auditee's subordinate staff and/or contractors.
Issue of final draft and final report A copy of the final draft of the audit report should be handed to the auditee before the team leader leaves the OU. The formal report should be issued within one month, a copy will be registered in the EP library with access determined by the OU.
24
EP 95-0130 Revision 0 1 August 1996
7 Apply results
7
Apply Results
With reference to Chapter 2, application of audit results is not strictly part of the IAPM process. However, with reference to Appendix 1, SIEP-led HSE audits specifically include assessment of the implementation or application of the recommendations of previous independent audits. As such it is covered in this manual in outline.
Internal to OU The process of translating audit recommendations into agreed actions assigned to an action party is an OU responsibility. Assigning an audit follow-up co-ordinator is a widely adopted and successful approach. The follow-up process should itself be auditable and an OU register of deficiencies and corrective actions ensures that deficiencies are not overlooked and allows overall prioritisation. Subsequent decisions should be recorded, including decisions to do nothing or change action parties. Periodic reports are needed to keep the register up-to-date and inform management. A multi-user access tracking system will allow OU staff to update and check status and reduces the amount of unread information in circulation. It will also assist auditors in verifying that audit follow-up is adequately managed. Where a deficiency has been found in one part of the OU and corrective action recommended, the audit follow-up co-ordinator must consider the broader significance and if lateral corrective action may be needed e.g. if an operational audit has identified a weakness in the application of permits to work in one operational unit, other operational units should be checked for the same weakness. Verification of lateral application of audit recommendations should be a key element in the scope of all audits.
External to OU In conducting HSE audits SIEP staff will identify issues and practices which warrant communication to other OUs. In finalising the audit the SIEP audit leader will highlight these to OU management and request approval for SIEP dissemination of this information. Having obtained OU approval, the SIEP audit leader is responsible for ensuring that the relevant SIEP organisation is alerted to this information.
EP 95-0130 Revision 0 1 August 1996
25
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing This page intentionally left blank.
26
EP 95-0130 Revision 0 1 August 1996
8 Monitor follow-up
8
Monitor Follow-Up
Monitoring of audit follow-up is an OU responsibility. However, with reference to the guidelines provided in Appendix 1, SIEP-led HSE audits specifically include assessment of the follow-up to recommendations of previous independent audits. As such it is covered in this manual in outline. Further guidance is provided in the IAG (Ref. 1).
The IA Department should maintain a register of audit recommendations in which the status of each OU open action is regularly updated. The following may serve as a guideline: Completed
One off items
physically completed.
Continuing items
instructions issued and actioned for the first time
Rejected
The objective is not accepted and the authorised variance detailing the reasoning has been documented.
Varied
The same objective is to be achieved by a different route; should identify whether it is "agreed" or "completed".
Agreed
Specification of action has been decided, and expenditure has been authorised and instruction to go ahead to completion given.
Study
Not yet categorised.
A summary of the status of open audits should periodically be presented to the IAC who will assess the adequacy of follow-up activity and expedite any necessary OU remedial action. Responsibility for taking the necessary action, however, should remain with the line, completed actions should be formally documented and signed-off by persons of appropriate seniority. Documentation of closed-out items should be retained for possible inspection during subsequent audits. With reference to the guidelines in Appendix 1, approved justifications of variations or rejections of recommendations from SIEP-led audits will be copied to the audit team leader to avoid misinterpretation of recommendations. There is no further requirement to report routine audit followup details to the SIEP audit leader.
EP 95-0130 Revision 0 1 August 1996
27
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing This page intentionally left blank.
28
EP 95-0130 Revision 0 1 August 1996
9 Analyse and improve process
9
Analyse and Improve Process
Analysis of the audit process and implementation of improvements is an OU responsibility. However, in the context of the HSE-MS element Management Review, SIEP-led HSE audits may include a review of this IAPM element. As such it is covered in this guideline in outline, further guidance is provided in the IAG (Ref. 1). Annual reviews of all HSE audit activity conducted in each OU, by OU and SIEP, should be made within the respective organisations. These reviews should include analysis of:
numbers and types of audits conducted, overall audit results i.e. satisfactory/unsatisfactory, audit results of HSE-MS element assessment, findings (to identify commonly recurring deficiencies), audit participation by various departments, audit training conducted, changes in the available auditing skills pool, and costs. The results of each such review should be included in an annual report. Review of this report should be an integral element of the IA improvement process. A supervisory review of each audit provides material for a periodic review of the way audits are conducted in house. Especially in those OUs where HSE audits are part of the role of Internal Audit, the HSE function should be involved in these supervisory reviews. In addition to audits, incident investigations may also identify areas where controls need to be improved, or where the audit process needs to verify effectiveness of the HSE management process. Each incident should be reviewed to decide whether an audit before the incident could have identified the deficiencies. Failing to do this may require the scope of the HSE audits to be extended. Other assessments of the audit process come from SIEP-led HSE audits and Business Control Reviews. There is also an increasing involvement of outside bodies in setting standards for audits and auditors, particularly in the environmental area (EU Environmental Management and Audit Regulation - EMAS - Ref. 6). In general, the requirements set out in EP 93-1600 (Ref. 7) and this guideline exceed external requirements, although additional documentation may be required for formal compliance. Changes to the audit process need to be endorsed by the OU IAC and formalised by updating the OU audit manual.
EP 95-0130 Revision 0 1 August 1996
29
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing This page intentionally left blank.
30
EP 95-0130 Revision 0 1 August 1996
10 Assess overall control framework
10
Assess Overall Control Framework
Assessment of the overall control framework is an OU responsibility. However, in the context of the HSE-MS element Management Review, SIEP-led HSE audits may include a review of this IAPM element . As such it is covered in this guideline in outline, further guidance is provided in the IAG (Ref. 1) and the EP Business Governance guide (Ref. 8). The OU IAC should review the outcome of the year's HSE audits together with the results of other audits, reviews, incident investigations and management inspections to see if there are common underlying control problems which need action at high level across the company. Areas of weakness should be correlated with elements of OU HSE-MS with a view to appropriate corrective action.
EP 95-0130 Revision 0 1 August 1996
31
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing This page intentionally left blank.
32
EP 95-0130 Revision 0 1 August 1996
11 Initiate improvements to framework
11
Initiate Improvements to Framework
As indicated in Chapter 2, this element of the IAPM is not strictly part of the IA process. It is a toplevel management activity performed in relation to all audits and reviews conducted in the business. It is mentioned in this manual only to illustrate the continuity in the overall process of dealing with audits. Detailed guidance is provided in Internal Audit Guidelines (Ref. 1).
EP 95-0130 Revision 0 1 August 1996
33
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing This page intentionally left blank.
34
EP 95-0130 Revision 0 1 August 1996
12 Manage staffing and administration
12
Manage Staffing and Administration
12.1 Staffing Within SIEP, the SBS Directorate maintains a pool of qualified HSE audit leaders to assist OUs conduct their audit programmes. The SIEP HSE audit leaders occupy their positions for a period of 2-3 years as part of their career development. Prerequisites for SIEP audit leaders are as follows: minimum level JG2, CEP paralleling the current JG level of potential auditees, at least 15 years experience relevant to the types of audit that they will conduct, technical/operational HSE management experience, sound interpersonal and communication skills, and qualities of independence, objectivity and analysis. Prior to leading audits, SIEP audit leaders will undergo training including the following: Technical Audit course (EP04), Managing HSE in the Business Course (V2FA), Helicopter Underwater Escape Training (HUET) (periodically renewable), Basic Offshore Survival Training (periodically renewable), and participation in two HSE audits led by competent SIEP audit leaders. Suitably qualified SIEP staff will be made available to participate in SIEP-led audits in accordance with resourcing plans as agreed with EPS-HE at the start of the activity planning period. SIEP audit leaders are responsible for nominating and approving individual SIEP staff who, in addition to having suitable audit scope related experience, should be JG3 or higher although a JG4 may exceptionally be included. They should attend the Technical Audit Course prior to participation in their first audit. Selected SIEP staff will be communicated to OU auditees, highlighting relevant experience and selection criteria used. Following similar principles, OUs should have a means to identify line staff suitably qualified to participate in SIEP-led HSE audits. Approval of nominated OU staff for participation in SIEP-led audits is a joint responsibility of auditee and SIEP audit leader.
12.2 Administration The SIEP audit leader should prepare a budget in advance of each SIEP-led audit which covers all SIEP costs, including preparation time, travel and accommodation. The budget should be formally approved by EPS-HE. Overall SIEP related audit cost will be communicated to the auditee prior to commencing the audit. On completion of the audit, excessive variation (>10%) from the budget should be justified by the audit leader. The audit leader is responsible for maintaining audit correspondence files from inception until two years following completion of the audit. The audit leader will register a copy of the audit report in the EP library where it will be retained indefinitely. The reports may provide benchmarks in monitoring the development of the facility or activity concerned and evidence of an active search for deficiencies. Access to the reports will be specified by the OU.
EP 95-0130 Revision 0 1 August 1996
35
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing
APPENDIX I GUIDELINES FOR THE APPLICATION OF HEALTH, SAFETY AND ENVIRONMENTAL (HSE) AUDITING Endorsed by the HSE Advisers Panel,July 1996 (Original was signed by the Chairman, R. Laufs, PXE)
1
Introduction
1.1
General
HSE issues can give rise to major business risks. The Health, Safety and Environment Management Systems (HSE-MS), which are currently being implemented by Group companies, should include well structured HSE audit systems. Auditing forms an important element in systems designed to monitor, manage and contain HSE issues. The roles and responsibilities for HSE Auditing in Shell were first outlined in the note from HSE to Co-ordinators dated 2 November 1987. These have been refined with experience and discussion and the principles stated by Legal in the context of Operating/Service Company relationships. The reorganisation of the Service Companies (ServCos) entails some modification to the interplay between the various parties involved in HSE audits. The basic principles underlying HSE audits remain unchanged. For the sake of clarity, they are summarised in this note.
1.2
Intent
These corporate guidelines provide the basis for establishing individual HSE audit policies and plans for Operating Companies (OpCos) and are intended for General managers and senior managers accountable for OpCo HSE performance or involved in HSE auditing. The guiding principle for HSE audits is that it is an OpCo management responsibility to conduct or have conducted HSE audits1) . The BusComs will monitor that OpCos have a structured programme for HSE audits in place. These Guidelines on HSE Auditing are consistent with Group Internal Audit Guidelines.
1.3
Purposes of HSE audit
The overriding purpose of HSE auditing should be to provide OpCo management a systematic and independent assessment of the consistent and effective implementation of the HSE-MS. The HSE audit process should enable OpCo management to ensure that potential or actual flaws are remedied through effective follow-up action. BusComs will monitor this (in their shareholder role) and may insist that follow-up action is completed or improved where necessary.
1.4
Role of Service Company (ServCo) as auditor
OpCos will usually engage HSE advisers in the Service Companies to conduct independent HSE-MS audits2) . This will take place under the umbrella of a Service Agreement (as the case may be, a 1
)
2
)
H SE audits of joint ventures will depend on the contractual arrangements, in particular the extent of involvement of Shell companies or staff in the operation or management of the joint venture, as covered in Associated Company Guidelines.
36
Independent HSE-MS audit has been used here to mean an HSE audit of a Company earned out by a
EP 95-0130 Revision 0 1 August 1996
Appendix I Guidelines for the Application of Health, Safety and Environmental (HSE) Auditing general Technical Service Agreement or an ad hoc agreement). The role of ServCo staff as auditor in respect of follow-up action will be as agreed between the OpCo and ServCo. Where necessary, the BusCom will insist that it is the OpCo's responsibility to take remedial action.
2
Criteria
Due diligence requires that: HSE auditing shall be a responsibility of the management of each OpCo. hareholders will expect OpCos' audit programmes to include independent HSE audits. The depth and frequency of HSE audits will be based on an assessment of the various HSE risks. Terms of reference, scope, objectives and time-table shall be agreed and specified. The competence of auditors shall be assured and verified. The audit report shall be a formal and independent document. Specificity and transparency of the audit shall be the key. Findings shall be detailed and effective. Follow-up actions shall be defined and secured. Monitoring of follow-up shall be an integral part of the auditing process.
3
Application
Each of the criteria is expanded below, to explain how it should be met.
3.01 HSE auditing shall be a responsibility of the management of each OpCo The OpCo shall have an explicit HSE audit policy and plan covering all activities and carried out to specified standards. The numerous differences of activities in the OpCos may result in a wide range of approaches. OpCo HSE audit guidelines shall cover how the frequency of HSE audits is to be determined. Audit frequency for an activity shall not be longer than 5 years. The OpCo integrated 5 year plan, including HSE audits shall be reviewed by the BusCom.
3.02 Shareholders will expect OpCos' audit programmes to include independent HSE audits The OpCo's internal HSE audit procedures shall be reviewed as part of Group Business Control Reviews for adequacy and effectiveness. OpCo management should plan and carry out internal assessments of HSE audit effectiveness and be audited/appraised on this process. OpCo audit guidelines will identify the proportion of the total HSE audits to be independent audits, within BusCom guidelines. A formal agreement between the OpCo and ServCo or external auditors shall be in place covering responsibilities, liabilities and the criteria used for the audit, and be cited in body which is not part of that Company. It covers OpCo audits led by either a ServCo (functional audit) or by a non-Group organisation (external audit) An independent audit may benefit from the inclusion of Opco staff in the team but the lead auditor, his team composition and the audit standards and technique followed should be selected by the auditing organisation
EP 95-0130 Revision 0 1 August 1996
37
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing the audit report. Independent audits shall verify the internal HSE audit process, testing reports, working files and implementation control, with sufficient sampling of operations to test effectiveness. OpCos too small for effective internal audit shall make use of independent auditors. To qualify as one of the required independent HSE audits, the standards of an external audit shall be compatible and comparable with BusCom standards. HSE audits which may be imposed by external authorities should be integrated in the plan to avoid unnecessary duplication but must meet the Group standard in order to qualify as an independent audit. In exceptional cases, where provided for by Agreements, shareholders may carry out Shareholder HSE Audits(e.g. in Joint Ventures).
3.03 The depth and frequency of HSE audits will be based on an evaluation of the various HSE risks The objective of HSE auditing is to provide reasonable assurance to management that HSE risks have been identified and an appropriate framework of controls is in place and effective. These guidelines cover the integrity of the audit system and the professionalism of the auditing; but how the audit system is applied to the various business activities depends on analysis of the HSE risks of those activities. All business processes should be periodically audited, and the frequency and depth of HSE auditing of a particular activity should be appropriate for the degree of potential HSE risk. Audit frequencies shall also be related to the findings of previous audits. In many OpCos a formal HSE-MS, with HSE Cases for critical activities, is the mechanism for such identification and control of risk and HSE audit is an important part of any HSE-MS. Until HSEMS is effectively in place, HSE audits should be programmed to provide assurance that the HSE risks are being effectively managed. Only OpCo management can fully assess their local circumstances and select the appropriate frequency and depth of auditing appropriate for each activity. This selection shall be formal and transparent, and shall be regularly reviewed to take account of experience of incidents and changes in the OpCo's environment. An audit cycle should not be longer than five years as in that time major changes may have taken place and the consequences for the integrity of the control framework need to be verified. Having established the total long term audit plan, the OpCo should identify the proportion to be independent audits as opposed to internal audits, within such guidelines as may be issued by the BusCom. These audits provide independent verification of the effectiveness of the OpCo HSE-MS, including internal HSE audit, and the strength of the framework of control. The OpCo also needs to assess the level of control it has, which is related to work force attitude, degree of supervision, geographical scatter, communications and the quality of business controls in place as evidenced by previous audits. At the same level of risk a low level of control requires a higher frequency or intensity of audit.
3.04 Terms of reference, scope, objectives and time-table shall be agreed and specified An OpCo audit standard shall specify terms of reference, scope, objectives and timetable for typical internal audits. Variations from this for a specific audit shall be formally agreed by the OpCo Internal Audit Committee (IAC) and auditee before the audit starts. The audit standard set by BusCom for terms of reference, scope, objectives, and timetable will be followed for ServCo led audits except where specific variations have been agreed beforehand by both the OpCo IAC and ServCo team leader. The minimum standard for HSE management systems shall be compliance with statutory
38
EP 95-0130 Revision 0 1 August 1996
Appendix I Guidelines for the Application of Health, Safety and Environmental (HSE) Auditing requirements, Group Policy and other corporate Group Guidelines and OpCo standards. The OpCo HSE Management System scope and content shall be assessed by comparison with the Group model, including control of technical integrity. Its effectiveness shall be assessed against BusCom's HSE Management System objectives.
3.05 The competence of auditors shall be assured and verified The OpCo shall have explicit standards for the audit qualifications of leaders of internal HSE audits and for the technical expertise of team members. The selection of leader and team members shall ensure independence of the audited activity. The OpCo standard audit technique shall be consistently followed. HSE audit leaders shall be qualified to Group standards including training in the standard audit technique recommended by BusComs. Feedback on the quality of audit execution, reporting and recommendations will be included in the competence assurance of audit leaders. The auditee's supervisor feedback shall be solicited on audit effectiveness.
3.06 The audit report shall be a formal and independent document. Internal audit reports shall be OpCo documents in standard format with controlled circulation and filing. Independent audit reports shall be Company to Company documents with the status of formal advice from the lead auditor's organisation. The OpCo may comment on the draft report, through its members of the team or through the auditee to the team leader but cannot override the teamleader's responsibility for the final report. For both internal and independent HSE audits, the report shall be agreed by all the team members, though audit leaders shall have editorial control and a deciding vote in case of disagreements.
3.07 Specificity and transparency of the audit shall be the key The audit shall provide an audit trail, either maintaining a confidential working file of evidence to support the findings and recommendations of the report or using the full text format, with samples, findings and deficiencies complete in the report. The report shall identify all significant deficiencies against standards, and recommendations shall be as specific as the expertise of the team allows. Each recommendation shall be uniquely identified, and prioritised. The report shall provide an overall rating of HSE controls against specific standards using a defined technique.
3.08 Findings shall be detailed and effective The system failure, as well as the immediate cause of each deficiency, shall normally be identified and corrective action detailed. Deficiencies shall be systematically related to weaknesses in the management system, and major deficiencies shall be analysed in a consistent summary form for the OpCo. Each recommendation for action shall be discrete, specific, clear, realistic and measurable as to its completion.
3.09 Follow-up actions shall be defined and secured An internal control system shall maintain an audit trail, recording the change of status of each outstanding recommendation until all recommendations are closed out to the Internal Audit
EP 95-0130 Revision 0 1 August 1996
39
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing Committee's (IAC) satisfaction. The line shall formally approve or reject justifications for rejecting or varying audit recommendations. Periodic internal audits of the implementation process will be included in the plan. Approved justifications of variations or rejections of independent audit recommendations will be copied to the audit teamleader to avoid misinterpretation of recommendations. Independent audits will include assessment of the implementation of the recommendations of previous independent audits.
3.10 Follow-up shall be an integral part of the auditing process An OpCo follow-up co-ordinator shall be nominated for every audit. Regular collated implementation progress reports shall be sent to the IAC or included in the OpCo Management Information Systems (MIS). The IAC shall review the progress of implementation at each meeting and shall provide a mechanism for the identification and implementation of lateral action within the OpCo. BusComs will monitor the implementation progress for independent audits, as a minimum reviewing numerical progress reports annually. The BusCom audit committee shall review overall implementation progress by each OpCo annually and provide a mechanism for identification and implementation of learning points between OpCos. July 1996
40
EP 95-0130 Revision 0 1 August 1996
Appendix I Guidelines for the Application of Health, Safety and Environmental (HSE) Auditing This page intentionally left blank.
EP 95-0130 Revision 0 1 August 1996
41
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing
APPENDIX II HSE-MS AUDIT REPORT - MODEL CONTENTS LISTING 1
EXECUTIVE SUMMARY
1.1 1.2 1.3 1.4
Introduction Scope Main findings Audit opinion
2
AUDIT ADMINISTRATION
2.1
Terms of reference
2.1.1 2.1.2 2.1.3 2.1.4 2.1.5
Objective Scope Standards Auditee Methodology
2.2
Follow-up to the audit
2.2.1 2.2.2 2.2.3
Approach Classification of actions Classification of follow-up progress
3.
HSE MANAGEMENT SYSTEM
3.1
Leadership and commitment
3.1.1 3.1.2
Management leadership and commitment Leadership and commitment in the line
3.2
Policy and strategic objectives
3.2.1 3.2.2
HSE policies Strategic objectives
3.3
Organisation and responsibilities
3.3.1 3.3.2 3.3.3 3.3.4
Organisation structure Definition of responsibilities and empowerment Relations with authorities Management of change
3.4
Manpower resources and competence assurance
3.3.1 3.3.2 3.3.3
Manning levels Definition and verification of competence requirements Training
42
EP 95-0130 Revision 0 1 August 1996
Appendix II HSE-MS Audit Report - Model Contents Listing 3.3.4
Staff experience and turnover
3.5
Hazards and effects management process
3.5.1 3.5.2 3.5.3 3.5.4
Hazard identification and assessment Risk reduction and demonstration of ALARP Management of residual hazards and effects HSE Case
3.6
Planning
3.6.1 3.6.2 3.6.3 3.6.4
Corporate level planning Process level planning Activity and task level planning Contingency and emergency planning
3.7
Standards, procedures and document control
3.7.1 3.7.2 3.7.3 3.7.4 3.7.5
Standards and legislation Procedures Contracting standards and procedures Management of change Document control
3.8
Implementation and monitoring
3.8.1 3.8.2 3.8.3 3.8.4 3.8.5
Activity and tasks Monitoring and records Non-compliance and corrective action Incident investigation reporting Communication and motivation
3.9
Audit
3.9.1 3.9.2 3.9.3
Corporate auditing Departmental and contractor auditing Audit follow-up
3.10 Management review 3.10.1 Review and inspection programme and follow-up 3.10.2 Review of external factors
EP 95-0130 Revision 0 1 August 1996
43
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing
4
HSE IN THE BUSINESS
This section of the report is specific to the audit type. The audit leader should therefore select the correct listing for Section 4 from the selection shown below: Audit Type
44
Facilities (incl start-up)
Appendix 2a
Seismic
Appendix 2b
Drilling
Appendix 2c
Environmental
Appendix 2d
Occupational Health
Appendix 2e
EP 95-0130 Revision 0 1 August 1996
Appendix II HSE-MS Audit Report - Model Contents Listing This page intentionally left blank.
EP 95-0130 Revision 0 1 August 1996
45
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing
APPENDIX IIa SECTION 4 - FACILITIES AUDITS 4.1
Containment
4.1.1 4.1.2 4.1.3 4.1.4 4.1.5 4.1.6 4.1.7 4.1.8
Wells, flowlines and manifolds Process systems Flaring and venting systems Drains systems Pipelines Product storage and loading facilities Inspection and corrosion management Emission control, effluent and waste management
4.2
Control of ignition
4.2.1 4.2.2 4.2.3 4.2.4
Layout, equipment spacing and Hazardous Area Classification (HAC) Electrical equipment and systems Fired heaters and combustion engines Access control and security
4.3
Safeguarding systems
4.3.1 4.3.2 4.3.3 4.3.4 4.3.5 4.3.6 4.3.7
General controls Control, alarm and shut-down systems Pressure relief equipment Blowdown systems Gas detection (flammable and toxic) Smoke, heat and fire detection Leak detection
4.4
Operator/process interfaces
4.4.1 4.4.2 4.4.3
Wells, process and facilities surveillance Plant buildings and control room Telecommunications equipment
4.5
Personnel emergency services
4.5.1 4.5.2 4.5.3
POB control and emergency induction Emergency escape, evacuation and drills Medical and first-aid facilities
4.6
Fire hazard management
4.6.1 4.6.2 4.6.3 4.6.4 4.6.5
Policy, procedures and plans Passive fire protection facilities Fixed fire protection and firefighting facilities Mobile and portable firefighting facilities Firefighting preparedness
4.7
Workplace practices
46
EP 95-0130 Revision 0 1 August 1996
Appendix IIa Section 4 - Facilities audits 4.7.1 4.7.2 4.7.3 4.7.4 4.7.5
Permit To Work (PTW) system Maintenance Isolation practices Process interlocking control practices Housekeeping
4.8
Occupational health
4.8.1 4.8.2 4.8.3 4.8.4 4.8.5 4.8.6 4.8.7 4.8.8 4.8.9
Health risk assessment Noise and vibration HVAC and lighting Radiation heat stress Ergonomics Materials selection and handling Accommodation and sanitation Personnel protection equipment Welfare provisions
4.9
Transport and logistics
4.9.1 4.9.2 4.9.3 4.9.4
Land transport Marine transport Air transport Cranes and lifting equipment
4.10 HSE in engineering 4.10.1 4.10.2 4.10.3 4.10.4 4.10.5 4.10.6 4.10.7
Design reviews and HAZOP Environmental and social impact Occupational health in facilities design Construction and commissioning Purchasing controls Technical documentation and records Change and variance control
EP 95-0130 Revision 0 1 August 1996
47
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing
APPENDIX IIb SECTION 4 - SEISMIC AUDITS 4.1
Health
4.1.1 4.1.2 4.1.3 4.1.4 4.1.5 4.1.6
Health Risks Assessment (HRA) Risk control measures Medical checks Medical records Health promotion Medevac response
4.2
Environmental effects and control
4.2.1 4.2.2 4.2.3 4.2.4 4.2.5 4.2.6
Environmental Assessment (EA) process Seismic land operations effects and controls Waste management Spill control Marine operations effects and control Impact of operations on local communities
4.3
Land operations base camps
4.3.1 4.3.2 4.3.3 4.3.4 4.3.5
Camp access and lay out Kitchen Electrical systems Workshop Fuel handling
4.4
Security
4.5
Transport in land operations
4.5.1 4.5.2 4.5.3 4.5.4 4.5.5 4.5.6
Scope and resources Safety features and equipment Maintenance Personnel selection, training and control Journey management and procedures Operating procedures
4.6
Emergency equipment
4.6.1 4.6.2 4.6.3
Communications Firefighting Maritime emergencies
4.7
Seismic line operations (land)
4.7.1 4.7.2 4.7.3 4.7.4
General seismic line safety Surveying and line cutting Drilling Recording
48
EP 95-0130 Revision 0 1 August 1996
Appendix IIb Section 4 - Seismic audits
4.8
Explosives storage and handling
4.8.1 4.8.2 4.8.3 4.8.4 4.8.5 4.8.6 4.8.7
Storage Record-keeping, distribution and handling Transport to field In field storage, distribution, handling Shot hole loading Shooting Misfires
4.9
Marine vessels
4.9.1 4.9.2 4.9.3 4.9.4 4.9.5 4.9.6 4.9.6
General Vessel maintenance Uncontrolled hazards and housekeeping Chase vessel Firefighting Life saving equipment and procedures Shore based logistics
4.10 Marine Seismic Operations 4.10.1 Use of small boats 4.10.2 Back-deck operations
EP 95-0130 Revision 0 1 August 1996
49
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing
APPENDIX IIc SECTION 4 - DRILLING AUDITS 4.1
Well Control
4.1.1 4.1.2 4.1.3 4.1.4 4.1.5 4.1.6 4.1.7 4.1.8 4.1.9 4.1.10
Technical well design BOPs Accumulator unit Choke manifold Mud-gas separator Degasser Well control procedures Kick drills and stripping exercises Emission control Simultaneous (concurrent) operations
4.2
Control of Ignition
4.2.1 4.2.2 4.2.3 4.2.4 4.2.5
Hazardous Area Classification (HAC) DC motor blowers Electrical equipment Portable electrical equipment and power supply Generator, motor and compressor rooms
4.3
Detection, alarms and shut-down systems
4.3.1 4.3.2 4.3.3 4.3.4 4.3.5 4.3.6
Fire detection Flammable gas detection H2S detection Fire and general alarms ESD systems Ballast / control room
4.4
Rig equipment
4.4.1 4.4.2 4.4.3 4.4.4 4.4.5 4.4.6 4.4.7 4.4.8 4.4.9
Rig specifications and modifications Location design / restoration Slush pumps and mud system Derrick, hoisting and rotary equipment (including topdrive) Auxiliary brake Rig floor equipment Driller's console Winches Pressurised tanks
4.5
Lifesaving, fire protection and firefighting facilities
4.5.1 4.5.2 4.5.3 4.5.4
Firefighting facilities Evacuation and escape plan First aid and medical facilities Emergency generator
50
EP 95-0130 Revision 0 1 August 1996
Appendix IIc Section 4 - Drilling audits
4.6
Workplace procedures
4.6.1 4.6.2 4.6.3 4.6.4 4.6.5 4.6.6 4.6.7 4.6.8 4.6.9 4.6.10
Permit To Work (PTW) Personal Protective Equipment (PPE) Toolbox meetings STOP, UAA and JSA Deficiency register Maintenance Change control Housekeeping Waste management Chemical management
4.7
Occupational health
4.7.1 4.7.2 4.7.3 4.7.4 4.7.5 4.7.6
Noise Chemicals Lighting Accommodation Eye wash and deluge facilities Radioactive sources
4.8
Transport and materials handling
4.8.1 4.8.2 4.8.3 4.8.4 4.8.5
Land Marine Air Cranes and lifting equipment Forklift truck
4.9
Service contractors
4.9.1 4.9.2 4.9.3 4.9.4 4.9.5
Mud engineering Electric wireline logging Cementing and pumping services Mud logging Integrated services
EP 95-0130 Revision 0 1 August 1996
51
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing
APPENDIX IId SECTION 4 - ENVIRONMENTAL AUDITS 4.1
Environmental Assessment (EA)
4.1.1 4.1.2 4.1.3 4.1.4 4.1.5 4.1.6 4.1.7
General Role of the Environmental Advisor Consultation The EA process Identification of hazards and effects Evaluation of controls Management controls
4.2
Social impact assessment
4.2.1 4.2.2 4.2.3 4.2.4 4.2.5 4.2.6
Demographic impacts Socio-economic impacts Health impacts Impact on social infrastructure and resources Psychological and cultural community impacts Mitigation and monitoring
4.3
Waste management
4.3.1 4.3.2 4.3.3 4.3.4
Management systems Responsible disposal Control and monitoring Applied practices
4.4
Effluent control
4.4.1 4.4.2 4.4.3 4.4.4
Management systems Responsible disposal Control and monitoring Applied practices
4.5
Emission control
4.5.1 4.5.2 4.5.3 4.5.4
Management systems Responsible disposal Control and monitoring Applied practices
4.6
Logistics and materials
4.6.1 4.6.2
Transport Chemicals and hazardous materials
4.7
Engineering
4.7.1 4.7.2 4.7.3
Project management Design Construction/commissioning
52
EP 95-0130 Revision 0 1 August 1996
Appendix IId Section 4 - Environmental audits
4.8
Decommissioning, abandonment, restoration
4.8.1 4.8.2 4.8.3
Legislation, planning and evaluation Program implementation Monitoring
4.9
Contingency planning and preparedness
4.9.1 4.9.2 4.9.3
Policies and plans Oil spills Other environmental emergencies
EP 95-0130 Revision 0 1 August 1996
53
HSE Manual EP 95-0130 Appendix IIe Section 4 - Occupational health audits
APPENDIX IIe SECTION 4 - OCCUPATIONAL HEALTH AUDITS 4.1
Health risk assessment
4.1.1 4.1.2
Chemical agents Physical agents
4.2
Health risk control
4.2.1 4.2.2 4.2.3
Engineering controls Procedural controls Personal protective equipment
4.3
Human factors (ergonomics)
4.3.1 4.3.2 4.3.3
Management of ergonomics Implementation at the workplace Working hours / working cycles
4.4
Life style
4.4.1 4.4.2 4.4.3 4.4.4
Alcohol and drugs abuse Smoking AIDS Fitness standards
4.5
Public health (living environment)
4.5.1 4.5.2 4.5.3 4.5.4 4.5.5 4.5.6 4.5.7
General housing and living facilities Sanitary facilities Catering and food hygiene Drinking water Pest and vector control Disease prevention Environmental health (community health)
4.6
Health surveillance and monitoring
4.7
Medical emergency response and treatment facilities (recovery)
4.7.1 4.7.2 4.7.3
Medical emergency plan and first-aid procedures Company facilities External facilities
4.8
Health promotion
4.9
Record keeping and reporting
4.9.1 4.9.2 4.9.3
Health performance reporting Incident investigation Records and analysis
54
EP 95-0130 Revision 0 1 August 1996
Appendix III HSE-MS Assessment elements
APPENDIX III HSE-MS ASSESSMENT ELEMENTS Audit results should, in principle, be based on the assessment of the elements of the model HSE-MS which are as follows: 1 Leadership and Commitment 2 Policy and Strategic Objectives 3 Organisation, Responsibilities, Resources, Standards and Documentation 4 HEMP 5 Planning and Procedures 6 Implementation and Monitoring 7 Audit 8 Management Review To aid a balanced assessment the following factors require consideration: The third element "Organisation, Responsibilities, Resources, Standards and Documentation" covers too large a part of the HSE-MS and audit scope and requires further breakdown. The fifth element "Planning and Procedures" contains two separate and important subjects which merit separate assessment. Experience has shown that standards and procedures are frequently integrated within the same documents (a typical example being the "Safety Manual"). To avoid audit teams wasting time discussing whether a particular document is a standard or procedure, standards and procedures need to be assessed together. There is a need for focus on the important subject of competence assurance as a subelement of "Resources". For these reasons the audit assessment elements are defined as follows: 1 Leadership and Commitment 2 Policy and Strategic Objectives 3 Organisation and Responsibilities 4 Resources and Competence Assurance 5 HEMP 6 Planning 7 Standards, Procedures and Document Control 8 Implementation and Monitoring 9 Audit 10 Management Review For clarity purposes the report contents (Appendix 2) will be aligned with the assessment elements.
EP 95-0130 Revision 0 1 August 1996
55
HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing
Glossary of Terms and Abbreviations used ALARP Audit
As Low As Reasonably Practicable A structured independent examination
BusCom
Business Committee (as used in Group wide context)
CEP
Currently Estimated Potential
EP EP04 EPBM EPS-HE EU
Exploration and Production Technical Auditing Course Exploration and Production Business Model SBS Directorate Health, Safety and Environment function European Union
HEMP HSE HSE-MS HUET
Hazard and Effects Management Process Health Safety and Environment Health, Safety and Environment Management System Helicopter Underwater Escape Training
IA IAC IAG IAPM
Internal Audit Internal Audit Committee Internal Audit Guidelines Internal Audit Process Model
JG
Job Group
N/RBD
New and Regional Business Directorate
OpCo OU
Operating Company as used in a Group wide context Operating Unit as used in EP context (previously OpCo)
POB
Persons on Board
SA SBS SIEP SMART
Shell Aircraft Strategic and Business Services Directorate Shell International Exploration and Production Specific, Measurable, Achievable, Realistic and Time-based
V2FA
Managing HSE in the Business (course)
56
EP 95-0130 Revision 0 1 August 1996
Glossary of terms and abbreviations used This page intentionally left blank.
EP 95-0130 Revision 0 1 August 1996
57
HSE Manual EP 95-0130 References
References 1
Internal Audit Guidelines (December 1995)
2
Statement of General Business Principles (July 1994)
3
Business Control Guidelines (January 1992)
4
HSE Management System (September 1994)
5
EP Business Model - Version 3 - EP 95-7000 (August 1995)
6
EU Environmental Management and Audit Regulation
7
EP Guideline on Audits and Reviews EP 93-1600 (November 1993)
8
EP Business Governance Guide (July 1996)
9
Audit and Review Services Guide - EP 96-2021 (Final Draft July 1996)
58
Revision