Document Title: Corporate HSE Audits

/ Petroleum Development Oman LLC / Revision: 1.1
Effective: Apr-12

Petroleum Development Oman L.L.C.

Document Title: Corporate HSE Audits

Document ID / PR-1969
Document Type / Procedure
Security / Unrestricted
Discipline / HSE MS Audit
Document Owner / Corporate Function Discipline Head- Audit
Month and Year of Issue / April 2012
Version / 1.1
Keywords / Audit

Copyright: This document is the property of Petroleum Development Oman, LLC. Neither the whole nor any part of this document may be disclosed to others or reproduced, stored in a retrieval system, or transmitted in any form by any means (electronic, mechanical, reprographic recording or otherwise) without prior written consent of the owner.

Document Authorisation

Document Owner / Document Custodian / Document Author
Name in full: Naaman Naamany
Title: Corporate SE Manager
Date: 01/04/2012 / Name in full: Saeed Maamary
Title: Head HSE Corporate Planning
Date: 31/3/2012 / Name in full: Younis Hinai
Corporate HSE Auditor
Date: 27/3/2012

Revision History

The following is a brief summary of the four most recent revisions to this document. Details of all revisions prior to these are held on file by the Document Custodian.

Version No. / Month & Year / Author’s Name and Title / Scope / Remarks
1.0 / Jan 2012 / Younis Hinai
Corporate HSE Auditor / New Corporate Audit procedure Issued
1.1 / March 2012 / Younis Hinai
Corporate HSE Auditor / ·  Minor text edits
·  Drop of use of Risk Assessment Matrix
·  Inclusion of action close-out time-frame in table 3

User Notes:

1.  The requirements of this document are mandatory. Non-compliance shall only be authorised by a designated authority through STEP-OUT approval as described in this document.

2.  A controlled copy of the current version of this document is on PDO's live link. Before making reference to this document, it is the user's responsibility to ensure that any hard copy, or electronic copy, is current. For assistance, contact the Document Custodian.

3.  Users are encouraged to participate in the ongoing improvement of this document by providing constructive feedback.

Related Business Processes & CMF Documents

Related Business Processes

Code / Document Title
CP-122 / HSE MS

Parent Document(s)

Doc. No. / Document Title
PL-04 / HSE Policy
PL-10 / Security & Emergency Response Policy

Other Related CMF Document(s)

Doc. No. / Document Title
CP-142 / Internal Audit Code of Practice
PR-1712 / Level 3 Audit

The related CMF Documents can be retrieved from the Corporate Business Control Documentation Register CMF.

TABLE OF CONTENTS

1 Introduction 6

1.1 Purpose and Objectives 6

1.2 Scope and Applicability 6

1.3 Review and Improvement 6

1.4 Distribution 6

2 Roles and Responsibilities 7

2.1 Roles and Responsibilities 7

2.2 Step-out Approval 8

3 Procedure 9

3.1 Overview 9

3.2 Develop Audit Program 9

3.2.1 Level 1 HSE Audits 9

3.2.2 Level 2 HSE Audits 10

3.2.3 Level 3 HSE Audits 10

3.3 Audit Execution 11

3.3.1 Initiate the audit 11

3.3.2 Conduct document review 12

3.3.3 Prepare for audit activities 12

3.3.4 Conduct audit activities 13

3.3.5 Prepare Audit Report 15

3.3.6 Conduct Audit Follow Up 16

4 Auditor selection criteria 17

5 Performance Standards, Monitoring, and Reporting 18

5.1 Performance Standards 18

5.2 Performance Monitoring Requirements 18

5.3 Reporting Requirements 18

6 Appendices 19

6.1 Definitions 19

6.2 Abbreviations 19

6.3 Key References 20

6.4 Formats and Templates 20

6.5 Additional Information 20

Tables

Table 1: Level 1 HSE audits program 9

Table 2: Level 2 HSE Audits program 10

Table 3: Classification of audit findings 14

Table 4: Controls assessments color coding 15

Table 5: HSE audits program compliance 18

Table 6: HSE audits action close out status 18

Figures

Figure 1: HSE Audit Hierarchy 6

Figure 2: Overview of audit activities 11

1  Introduction

1.1  Purpose and Objectives

This procedure is required to define the levels of HSE MS Audit and the methodology to manage them.

1.2  Scope and Applicability

This procedure applies to all levels of HSE Management Audits in PDO.

PDO has a three-tiered Audit hierarchy as explained in the diagram below:

Figure 1: HSE Audit Hierarchy

1.3  Review and Improvement

This procedure needs to be reviewed every three years as a minimum but if there are major changes affecting the auditing practices, it will be reviewed as frequently as required.

1.4  Distribution

This procedure will be hyperlinked to the HSE MS of PDO and made accessible to all PDO personnel and any other parties tasked with carrying out work covered by this procedure on behalf of PDO.

2  Roles and Responsibilities

2.1  Roles and Responsibilities

Audit Manager

For Level 1 Audits: Head Corporate HSE Planning and Audits.

For Level 2 Audits: Respective Directorate HSE Team Leader.

For Level 3 Audits: Process/Activity Owner.

The Audit manager is responsible for

·  Establishing a risk based annual audit program

·  Obtaining approval for the audit program – Internal Assurance committee (IAC) and Business Assurance Committee (BAC) for level 1 and Director/Asset manager for levels 2 and 3.

·  Implementing audit program.

·  Appointing audit leader and team members.

·  Appointing, if required, an independent reviewer.

·  Evaluating and developing auditors

·  Reviewing and improving audit program

·  Approving the Terms of Reference (ToR) and the Audit Report.

·  Performing supervisory oversight of Audit Teams.

·  Providing periodic analyses/reports to the IAC/BAC for Level 1 Audit and Asset Director for Level 2 Audits

·  Monitoring the quality of audit delivery.

Lead Auditor

·  Leading the Audit Team and managing the audit delivery process to achieve stated deliverables, according to the scope and time estimate in the agreed ToR.

·  Reviewing the audit work carried out by the Auditors and ensuring that Auditors properly conclude on the work performed.

·  Acting as the primary contact for the Auditee.

·  Preparing the draft ToR, the Audit plan and the Audit Report.

·  Ensuring full compliance with the ToR and this procedure in all steps of the audit Process.

·  Confirming audit dates, duration and resource requirements with Auditee.

Auditor

·  Preparing and participating in the audit teams.

·  Carrying out allocated audit work and taking responsibility for the work carried out.

·  Fully complying with the Audit ToR and in all steps of the Audit Process.

Independent Reviewer (by invitation)

·  Reviewing the ToR, the Audit Programme and the Audit Report, ensuring that the Audit Assessment and Audit Findings are sufficiently substantiated and is responsible for issuing an Independent Review to the Audit Lead before Close out meeting.

Principal Auditee

·  Reviewing and agreeing the ToR and the plan for the audit

·  Nominating Audit facilitator and follow up coordinator

·  Supporting the Audit Process, ensuring availability of people, access to facilities, documents and records for the audit

·  Attending Opening and Closing Meetings

·  Considering audit recommendations, identifying actions to address the root causes of the findings, action parties and target dates.

·  Ensuring that the agreed actions are closed as per plan

Follow up coordinator

·  Inputting agreed actions, action parties and target dates in data management system (Fountain/equivalent) and reporting close out status to the Auditee.

Action party

·  Confirming ownership to the given action and the target completion date.

·  Ensuring timely close-out of actions with supporting evidences.

2.2  Step-out Approval

This procedure is mandatory and any deviation to this procedure must be authorised by the Head corporate HSE planning and audit. The Terms of Reference for an audit duly approved by the Audit Manager may, however, override the requirements of Sections 3.3 and 4.0.

3  Procedure

3.1  Overview

Level 1, Level 2 and Level 3 Audits are carried out to:

-  Determine whether or not the elements and activities of PDO’s HSE Management System conform to the planned arrangements and are being implemented effectively.

-  Determine whether or not PDO’s HSE Management System is fulfilling the Company’s HSE policy, objectives and performance criteria.

-  Determine whether or not PDO’s HSE Management System complies with the relevant legislative and regulatory requirements.

-  Identify areas for improvement in PDO’s HSE Management System, with the aim of progressively improving the HSE Management System.

-  Enable management to ensure that potential or actual flaws in the system are remedied through effective follow-up action.

3.2  Develop Audit Program

All business processes should be periodically audited, with the frequency and depth of HSE auditing being determined based on:

•  The level of risk for the process/activity.

•  How critical the process or activity is, in relation to PDO’s business objectives.

•  The statutory, regulatory and contractual requirements.

•  The contribution or potential contribution of the activity concerned to PDO’s overall HSE performance.

•  The results of previous audits.

•  All business processes activities and assets should be audited within the audit cycle. The audit cycle should not be longer than five years, as it is likely that major changes (such as asset, staff, mode of operations, organization, etc) may have taken place during that time.

3.2.1  Level 1 HSE Audits

Includes HSE audits conducted on behalf of PDO’s IAC and BAC as part of the Integrated Audit Program, and also includes independent audits carried out by external bodies such as ISO 14001 certification audits.

ACTION / RESPONSIBILITY
Identify HSE Audit Units (assets, services, projects and functions) that have a risk potential to affect the Company’s HSE objectives) / Audit Manager
Prepare yearly and five-yearly Level 1 HSE Audit program based on the risk potentials / Audit Manager
Review and approve Level 1 HSE Audit Program / IAC & BAC
Direct and review the development and implementation of the Corporate HSE Audit Program / Corporate Safety and Environmental Manager
Incorporate the Level 1 HSE Audit Program into Corporate HSE Business Plan / Audit Manager
Provide resources to manage the audit and lead the plan execution / Corporate Safety and Environmental Manager
Implement level 1 HSE audit program / Audit Manager
Report level 1 HSE audit and action status to IAC/BAC / Audit Manager
Monitor level 1 audits and actions / IAC & BAC

Table 1: Level 1 HSE audits program

3.2.2  Level 2 HSE Audits

Includes HSE audits carried out on behalf of Asset Directors as part of their own Asset Level assurance processes and included in the Asset HSE Plan.

ACTION / RESPONSIBILITY
Coordinate development and implementation of the Asset HSE Audit Programme / Asset Director
Identify HSE Audit Units (areas, services and functions) that have a risk potential to affect the Asset’s HSE objectives / Asset HSE Team Leader
Prepare yearly Level 1 HSE Audit program based on the risk potentials. / Asset HSE Team Leader
Review and approve Level 2 HSE Audit Program / Asset director
Incorporate the Level 2 HSE Audit Program into directorate HSE Business Plan / Asset HSE Team Leader
Implement level 2 HSE audit program / Asset HSE Team Leader
Report level 2 HSE audit and action status to director / Asset HSE Team Leader
Monitor level 2 audits and actions / Asset director

Table 2: Level 2 HSE Audits program

3.2.3  Level 3 HSE Audits

Includes planned and documented task verification activities to supplement the formal HSE audit process. This is planned and managed by the managers of areas, services and functions to assure compliance to requirements and procedures in processes. PR-1712 - Level 3 Audit details the methodology for Level 3 Audits.

3.3  Audit Execution

Figure 2: Overview of audit activities

3.3.1  Initiate the audit

·  appoint the audit team leader for the specific audit.

·  establish and seek agreement from the principal auditee the ToR for each audit that should specify, as a minimum:

§  Audit Objectives

§  Scope of the Audit

§  Timing and duration of Audit

§  Name and position of the Principal Auditee

§  Audit Team Leader

§  Audit Team Members

§  Audit Methodology

§  Audit follow up coordinator

§  Audit report Distribution

·  Select audit team

Majority of Personnel on the audit team must be independent of the facility or process audited, and may be sourced from within PDO or externally. People conducting HSE audits should be able to carry out the task objectively, impartially and effectively.

Audit Manager selects the audit team members so that their training, skills and knowledge are appropriate to the audit type and scope.

·  Establish initial contact with the auditee by either audit manager or audit team leader to:

§  Establish communication channels with the auditee’s representative(s)

§  Confirm the authority to conduct the audit

§  Provide information on the proposed timing and audit team composition

§  Request access to relevant documents, including records

§  Determine applicable site safety rules

§  Make arrangements for the audit

§  Agree on the attendance of observers and the need for guides for the audit team.

3.3.2  Conduct document review

·  Auditee’s documentations should be reviewed to determine the conformity of the system, as documented, with audit ToR. The documentation may include relevant management system documents and records as well as previous audit reports.

3.3.3  Prepare for audit activities

·  Audit team leader should prepare the audit schedule to provide the basis for the agreement among the auditee and audit team regarding the conduct of the audit. The schedule should cover the following:

§  Organisational and functional units and processes to be audited

§  Dates and places where audit activities are to be conducted