Tor Exploration Directorate HSE MS Audit

ToR Exploration Directorate HSE MS Audit / 2011 /

TERMS OF REFERENCE: PDO Level 1 HSE MS Audit Exploration Directorate HSE MS Audit

Type of Audit / Level 1 HSE MS Audit
Sponsor / MSEM
Auditee(s) / Intisaar Al-Kindy / Exploration Director / XD
Facility Audit coordinator / Mahmood Al-Jassasi / HSE Team Lead / XPS
HSE Manager / Naaman Naamany / HSE Manager / MSEM
Audit Manager / Saeed Maamary / Head HSE Corporate Planning / MSE5
Lead Auditor / Jacob Varghese / Consultant
Audit Team / Saeed Al-Yarubi / Senior Operation Geophysicist / XPO1
Ali Rafeet / OSD Area HSE Advisor / OSSM
Hamed Al-Farsy / EMC Rep & Critical Spares Coordinator / OSO66
Maher Nabulsi / Area HSE Manager (Jordan & Syria) / SHELL
Younis Al-Hinai / Corporate HSE Auditor / MSE53
Follow Up co-ordinator / Mahmood Al-Jassasi / HSE Team Lead / XPS
Peer Reviewer / Saeed Maamary / Head Corporate HSE Planning / MSE5
Locations to be covered / MAF, Ardisies, BGP, Fugro, Shuram, CGGVeritas
Period of Audit / 31st December 2011 – 11th January 2012
Date Issued / Draft Rev 2: 21st November 2011

Objectives

The objectives of the audit are:

To appraise the completeness of the HSE Management with respect to the Exploration Directorate againstPDO HSE Policies, Objectives, Standards and Procedures.
To assess the adequacy & effectiveness of the HSE Management with respect to Exploration Directorate.
Where weaknesses are identified, to provide recommendations and guidance on what is expected and needed to demonstrate adherence to the PDO’s HSE Policy and Standards.

Scope

The scope includes all activities, processes and facilities under the operational control of Exploration Directorate and interfaces including other business activities, contractors & projects.

Not every aspect of each process or facility will be audited, as the audit is “risk-based” (see methodology described below). Sample areas will include activities and processes of PDO and Contractor/subcontractor at offices and sites.

Specific focus areas have been defined for HSE-MS audits, although these may not be exhaustive:

HSE Risk Management – Common Processes
(These key common risk controls are to be tested where relevant for each of the risk areas in scope below) / Completeness of the inventory of hazards and controls
Identification of HSE critical activities, roles and responsibilities
HSE Competency
Permit To Work
Management of Change
Adequacy of emergency response plans
Incident investigation and follow-up
HSE Leadership and Culture
Assurance processes including BAL & self assurance
Asset integrity and Process Safety / Design including application of process safety basic requirements
Technical authorities
Asset manager role accountability and responsibilities
Competence for HSE critical positions and assurance
Operating integrity
Identification, maintenance, inspection and control of HSE critical equipment and
assurance
Environment / ISO 14001
IIA &Risk management plan
Waste Management
Permits
Personal Safety / Working Safely (Life Saving Rules / Golden Rules)
Personal Protective Equipment
Supervision including observation and intervention programmes
Specific Work Site procedures and safe working practices established as follows:

Confined Space Work
Working at Height
Safe Isolation of plant and equipment
Excavation
Lifting and Hoisting
Others as relevant

Contractor HSE-MS / Contractor HSE risk assessment and controls
Contract assessment and award
Monitoring contractor performance
Occupational Health & MER / HRA
Fitness to Work
Product Stewardship
Human Factors Engineering
Medical Emergency Response
Transportation – (land) / Implementation of an adequate Road Safety Standard covering drivers, vehicles and journey management. Professional drivers and high road safety risk areas.
Social Performance / Impact assessments of project on communities and other stakeholders
Plans in place to minimise negative impacts of business activities and maximise positive impacts
Respectful engagement maintained with stakeholders through business lifecycle

Standards

The audit will be carried out against the following standards:

PDO’s HSE Commitment and Policy.
Oman’s laws and regulations.
PDO’s HSE Management system, manuals and procedures.
The Shell Group Standards where formal use of those are referenced. Otherwise, these may be used as examples of authoritative good practice.

Schedule

The audit takes place in the period from 31st December 2011to 11thJanuary 2012and will include the weekends as working days.

A proposed schedule containing details on the proposed site fieldwork and interviewees will be sent and agreed separately. The auditee will submit the organisational chart and general site processes description to the lead auditor to allow for the schedule to be made specific to the auditee’s organisation as detailed in their HSE-MS.

The facility/business unit shall finalise and agree the draft schedule 2 weeks prior to the audit. During the execution of the audit the audit leader may request to modify the schedule to accommodate additional interviews or sample locations.

Interviews shall generally be conducted in the workplace of the interviewee (e.g. offices of management, workshops of maintenance persons, control rooms of operations persons). Arrangements shall be requested for detailed inspections of facilities consisting of “walk-throughs” of operating areas (to be determined) and including storage facilities, areas for waste treatment and hazardous waste storage.

The facility shall provide the necessary personal protective equipment (PPE).

The schedule will include adequate time set aside for the audit team at the facility for clarification and draft report writing.

Event / Day / From
Audit team brief / 1 / 31st December, 2011
Opening Meeting lead auditor, presentation Auditee / 1 / 31st December, 2011
Interviews / 1-9 / 31st Dec 11 – 8 Jan 12
Field Work Starts / 2-9 / 1st Jan – 8 Jan 12
Field Work Ends / 9 / 8th Jan, 2012
Draft Audit Findings / 10 / 9th Jan, 2012
Independent Review / 11 / 10th Jan, 2012
Review agreed findings with Auditee / 12 / 11th Jan, 2012
Close-Out Meeting / 12 / 11th Jan, 2012
Draft Report Issued to Auditee / - / 18th Jan, 2012
Responses from Auditee to be returned to Audit Team / - / 8th Feb, 2012
Final Report Issued / - / 15th Feb, 2012

Methodology

The audit will be conducted in accordance with the methodology described in this ToR. Findings shall be classified and the acceptability of Risk Area Controls assessed in accordance with the criteria shown below (refer page 5).

To facilitate the efficient and effective execution of the audit, it is required that the HSE hazard register, organisation charts, site & process descriptions and key elements of the current HSE Management System documentation (including the relevant HSE cases, Health Risk Assessment (HRA), etc)to be submitted to the Audit Team. This will allow a review of the auditee’s arrangements and enable set-up of the audit to ensure focus on the areas likely to represent the highest risk to the business.

The methodology will use a “risk-based” approach and a general auditing approach in line with good industry practice. Team members will gather information by field observation, through interviews and including checks of hardware and documentation. Audit evidence will be based upon sampling of the available information and therefore should not be considered all-inclusive or exhaustive. Conscientious efforts will be made to verify findings and to confirm the validity of recommended actions. Where judgement is required, the result will be determined by consensus within the audit team.

Audit Findings Classification

Classification of the audit findings shall be in accordance with the Risk Assessment Matrix (Figure 1) or if necessary with the Rating Level table (Table 1).

CONSEQUENCES / INCREASING LIKELIHOOD
A / B / C / D / E
SEVERITY / People / Assets / Environment / Reputation / Never heard of in the industry / Heard of in the industry / Has happened in the Organisation or more than once per year in the Industry / Has happened at the Location or more than once per year in the Organisation / Has happened more than once per year at the Location
0 / No injury or
health
effect / No
damage / No
effect / No impact
1 / Slight injury or health effect / Slight damage / Slight effect / Slight impact / LOW
2 / Minor injury or health
effect / Minor damage / Minor effect / Minor impact / MEDIUM
3 / Major injury or health
effect / Moderate damage / Moderate effect / Modrate impact / HIGH
4 / PTD or upto 3 fatalities / Major damage / Major effect / Major impact / SERIOUS
5 / More then 3 fatalities / Massive damage / Massive effect / Massive impact

Figure 1: Risk Assessment Matrix for Audit Findings

The RAM will not be applied for any legal or regulatory compliance findings. The latter are given a Compliance (C) rating.

Weakness Level / Definition
Serious (S) / The finding is likely to cause a high undesirable effect on the achievement of the entity’s objectives and / or is likely to have a notable impact on other PDO entities, therefore warranting immediate reporting to senior management.
High (H) / The finding is likely to cause a high undesirable effect on the achievement of one of the entity’s objectives, warranting reporting to the auditee’s management.
Medium (M) / The finding is likely to cause a measurable undesirable effect on the achievement of one of the entity’s objectives.
Low (L) / The weakness is unlikely to have a measurable impact on the entity’s objectives, but its correction would enhance the risk based control framework.

Table 1 Rating Level table

All findings are to be classified based upon the professional judgment of the audit team. When the RAM is used to classify a finding, the risk criteria (e.g. P(eople)-4B, A(sset)-3D) shall be included in the report table along with the rating level (e.g.: Serious, High, Medium, Low). The primary criterion for rating each finding is the adequacy of the control for the risk as defined in the Asset’s relevant Health Hazard register.

Overall Assessment of HSE Risk Controls and Audit Rating

No audit opinion will be provided. Assessments of the HSE Risk Controls areas will be indicated by reference to three possible categories:

Controls Acceptable

None, or a few Low and/or Medium rated findings are reported which indicate that a “once-off” rather than process or system structural weaknesses is present or that general enhancement of the controls, process or system framework is not needed.

Controls Need Improvement

Some Medium and / or one or more High rated findings are reported which indicate a weakness in key controls / barriers or in a part of the process or system structural framework.

Controls Need Major Improvement

Three or moreHigh and/or one or moreSerious rated findings are reported indicating failures in key controls / barriers or across a significant part of the process or system structural framework.

A further qualitative description will be provided as part of the Summary and Conclusions, to summarize the overall outcome and highlighting the control areas where findings are identified. This will include a table that depicts a reference to each finding and the Control Acceptability assessment for each Risk Area with control acceptability assessments for those HSSE-MS element areas only where systemic issues are identified and observed across multiple risk management areas, as per below example.

During the audit the audit team may come across weaknesses in risk control areas, which have already been identified by the auditee. In some of these cases the auditee may be able to claim ‘work-in-progress’ (WIP) when the following criteria have been met:

Relevant issues and actions are identified and documented prior to the start of the audit.
For these issues and actions an implementation plan was already in place prior to the start of the audit with milestones set and resources allocated together with evidence of implementation having begun.
During the audit, the follow-up process was found to be satisfactory, taking into account the track record of the business in closing out action items.
Interim mitigations to control the risk area are in place, and deemed effective by the audit team.

Where testing by the audit team proves that the above criteria can be met, reliance can be placed on the existing process. No specific findings shall be raised for these issues in the audit report, however, due reference will be made in the executive summary of the audit report as to the degree of reliance that was placed on the process and highlighted in the control acceptability matrix (example CAM, table 2). Such issues will also not have major impacts on the opinion. Where one of the above criteria has not been met, reliance cannot be placed on the process. Another finding will therefore be raised to ensure that relevant actions are taken. The audit opinion will take such audit findings into account.

Table 2 Control Acceptability Matrix (CAM)

Report

The draft Audit Report shall undergo a peer review prior to the discussion with the Auditee.

The team will present the audit results to the auditee and their management at the conclusion of the audit. This closing meeting or presentation shall be conducted at the end of the audit or as pre-arranged between the Auditee and the Lead Auditor. The purpose of this meeting is to formally communicate the findings and the assessment of the acceptability of controls to the Auditee and the management team and to ensure clarity of understanding. The findings, associated classifications, and acceptability of controls shall be considered “frozen” and only editorial changes allowed may be considered. The Audit Leader may also be asked by the Auditee to present the audit results to wider audience.

Within 7 days of the audit conclusion, the Lead Auditor shall send a “Draft for Review” copy of the Audit Report to the auditee. The auditee will work with his/her organisation to define the most appropriate way to address the findings and recommendations, assign the action party and determine the planned completion date. The auditee shall have 14 days to comment and to complete the “Action”, “Action Party” and “Due Date” fields for each of the findings / recommendations. The lead auditor will review the actions and timings proposed by the site and will request clarification if required to ensure that actions do address the audit findings. When substantial agreement has been reached on the contents of the report, the report will become Final.

Where agreement on findings or appropriate actions to address findings and/or recommendations cannot be reached, the Lead Auditor may discuss with the next level of management of the Auditee’s business and agree a forward plan to resolve the issue. In cases where resolution between the auditor and auditee / auditee’s line management cannot be reached, they shall be escalated to the Audit Sponsor. If the disputed area cannot be resolved, the Lead Auditor view will prevail although the Auditee will have the right to insert a management comment to provide his/her point of view (on the appropriateness of actions only).

Once the report is completed, it shall be distributed as agreed with the Auditee as shown in these Terms of Reference.

Report-Distribution

The final report distribution will be as shown in appendix A below.

Logistics

Concerned areas must ensure that:

The necessary personal protective equipment (PPE).
IT authorization for audit team to access local data files
A lockable office with sufficient space, desk/table area, and chairs for the audit team and sufficient wall space to display several flipcharts
Flip chart holder with paper, ink markers, and 3M type “post-it” or “sticky pads”
Computer connection to electronic system which documents are stored (e.g., local intranet, shared folders)
Computer projector (beamer)
Permission and permit (including gas testing as required) to take photographs on site.

HSE-MS Documentation Request

Documentation including, but not limited to the following may be requested during the audit planning and implementation process.

1.Organisation Charts

2.General description & process overview

3.HSE Hazard Register

4.HSE Case

5.Health Risk Assessment

6.HSE Plans

7.HSE Audit Programme and Schedule

8.Reports of recent HSE related audits and reviews

9.Follow up records for past audits

10.Accident and incident reports

11.Contractspecific documentations as requested

Relevant Contract specific documentation and records may be requested during the audit planning and implementation process.

Appendix A.Distribution list

Level 1 HSE MS Audit –Exploration Directorate ToR Rev 1Page 1