Nimonik has seen a wide variety of internal Health, Safety, Environmental and Quality (HSEQ) audit programs. They seem to come in all shapes and sizes! Each company tends to focus on different risks and controls.
Whether your organization conforms to ISO 19011 or another internal audit standard, re-focusing your internal audit program on your risks, controls, and operational reality is a key driver for operational excellence.
On March 14th, John Wolfe shared insights from over 20 years as a hands-on HSE Director and as the Sr. Director of Operations Integrity Audit for a global Oil & Gas company. John outlined the attributes of an outstanding Internal audit program. He showed you how you can build out a program tailored to your operations and add tremendous value to your business.
Firstly, it will be clarify some of the misunderstandings of some of the fundamental audit concepts and principals that are implemented during the audit or planning of the audit program, focusing on audit guidelines, auditor principles, audit process principles and types of audits. Furthermore, gaining understanding of the management and preparation of an ISO 9001 audit through audit program pillars, good audit practices and prepared work documents and checklists. Outline how to conduct and close an ISO 9001 audit in a professional manner with the precise audit review.
Main points covered:
• Fundamental audit concepts and principles
• Managing an ISO 9001 audit program
• Preparation of an ISO 9001 audit
• Conduct of an ISO 9001 audit & Closing the audit
Presenter:
This webinar was presented by Kefah El-Ghobbas, PECB Certified Trainer and Organizational Development expert and operations manager at TURBO CARBO.
Link of the recorded session published on YouTube:https://youtu.be/kK8pAc3QM5E
Global Manager Group has prepared presentation to provide information regarding ISO 37001 documentation requirements for Anti-Bribery Management System Certification. It described all primary documents like manual, procedures, policy, audit checklist, etc in details.
For further information about ISO 37001:2016 documentation requirements visit @ https://www.globalmanagergroup.com/
How to get prepared to an internal audit?
The easiest way to be prepared to an audit, is by knowing the questions in advanced, that you are going to be asked, or GOING to ask.
Save time on preparation, by download ISO 9001 standard, 2015 version check list,
which contains the standard sections + questions for each one.
This check list is a good basis for other ISO standards, and it not only help you to get prepared fast, but you can use it as the audit report.
Firstly, it will be clarify some of the misunderstandings of some of the fundamental audit concepts and principals that are implemented during the audit or planning of the audit program, focusing on audit guidelines, auditor principles, audit process principles and types of audits. Furthermore, gaining understanding of the management and preparation of an ISO 9001 audit through audit program pillars, good audit practices and prepared work documents and checklists. Outline how to conduct and close an ISO 9001 audit in a professional manner with the precise audit review.
Main points covered:
• Fundamental audit concepts and principles
• Managing an ISO 9001 audit program
• Preparation of an ISO 9001 audit
• Conduct of an ISO 9001 audit & Closing the audit
Presenter:
This webinar was presented by Kefah El-Ghobbas, PECB Certified Trainer and Organizational Development expert and operations manager at TURBO CARBO.
Link of the recorded session published on YouTube:https://youtu.be/kK8pAc3QM5E
Global Manager Group has prepared presentation to provide information regarding ISO 37001 documentation requirements for Anti-Bribery Management System Certification. It described all primary documents like manual, procedures, policy, audit checklist, etc in details.
For further information about ISO 37001:2016 documentation requirements visit @ https://www.globalmanagergroup.com/
How to get prepared to an internal audit?
The easiest way to be prepared to an audit, is by knowing the questions in advanced, that you are going to be asked, or GOING to ask.
Save time on preparation, by download ISO 9001 standard, 2015 version check list,
which contains the standard sections + questions for each one.
This check list is a good basis for other ISO standards, and it not only help you to get prepared fast, but you can use it as the audit report.
Global Manager Group provides HSE documentation kit for integrated ISO 14001:2015 and ISO 45001:2018 Certification. This documentation kit described list of mandatory documents like manual, procedures, audit checklist amd more requirement for Environment, Occupational, Health and Safety Management System
For more details visit our website: https://www.globalmanagergroup.com/
Annex SL Training for ISO 9001:2015. & ISO 14001:2015.Robert Clements
Annex SL is the future of ISO standards.
As a consultancy Assent Risk Management have been lucky to experience two Annex SL based standards: ISO 27001:2013 and ISO 22301:2012.
Here we make our internal best practice training Powerpoint available publically for those who are experiencing Annex SL for the first time.
We hope it helps!
The Checklist contains explanations and recommendations that:
- Facilitate the audit;
- May serve as a guide in the transition to the new version of ISO 9001: 2015 using 'fill the gap' methodology;
- Allow for QMS self-assessment for compliance with ISO 9001: 2015;
- Facilitate learning and understanding of the new version of ISO 9001:2015 requirements
- User-friendly format and professional layout - reviewed and approved by experienced ISO 9001 quality auditors.
- 72 pages
The presentation provide a simple and clear explanation to all aspects of ISO : 14001 Environmental Management System for a manufacturing organization with thrust for line managers.
Global Manager Group provides HSE documentation kit for integrated ISO 14001:2015 and ISO 45001:2018 Certification. This documentation kit described list of mandatory documents like manual, procedures, audit checklist amd more requirement for Environment, Occupational, Health and Safety Management System
For more details visit our website: https://www.globalmanagergroup.com/
Annex SL Training for ISO 9001:2015. & ISO 14001:2015.Robert Clements
Annex SL is the future of ISO standards.
As a consultancy Assent Risk Management have been lucky to experience two Annex SL based standards: ISO 27001:2013 and ISO 22301:2012.
Here we make our internal best practice training Powerpoint available publically for those who are experiencing Annex SL for the first time.
We hope it helps!
The Checklist contains explanations and recommendations that:
- Facilitate the audit;
- May serve as a guide in the transition to the new version of ISO 9001: 2015 using 'fill the gap' methodology;
- Allow for QMS self-assessment for compliance with ISO 9001: 2015;
- Facilitate learning and understanding of the new version of ISO 9001:2015 requirements
- User-friendly format and professional layout - reviewed and approved by experienced ISO 9001 quality auditors.
- 72 pages
The presentation provide a simple and clear explanation to all aspects of ISO : 14001 Environmental Management System for a manufacturing organization with thrust for line managers.
Risk Assessments Best Practice and Practical Approaches WebinarAviva Spectrum™
Risk assessments are the primary component when planning, executing and delivering value in an internal audit. They are the building blocks of your internal audit activities and operational audit program. Sonia Luna CPA, CIA, CEO of Aviva Spectrum and Monica Raffety, CIA
Senior Manager, Financial Controls at Kaiser Permanente will help you to:
Understand risk assessment tools available
Learn how and when to apply risk assessment techniques
Leverage different forms of quantitative and qualitative analysis techniques
Learn when to deviate from risk assessment templates with a memo or scoring
Understand what external auditors, management and the Board need to know when executing a risk assessment.
Understand how risk assessment impact the internal audit activities, from walkthroughs to testing
According to Worldometers' estimates for 2022, New Zealand has a population of roughly 4.9 million people. Christianism is the predominant religion in the nation, and English and Maori are the two most widely spoken languages.
New Zealanders typically think of themselves as being accepting of new concepts, diversity, and change. Most New Zealanders are proud of the historically predominately liberal social attitudes in their nation (for instance, New Zealand was the first nation in the world to grant women the right to vote). Most New Zealanders make an effort to be understanding and tolerant of most differences.
Oliver Laloux's The 'One Approach' - Integrating Risk Management, Governance ...SAMTRAC International
Across most industries, governance, compliance and risk management, health and safety management, environmental management, and other related disciplines have been dealt with in silos, without little or no integration. This approach will be discussed during this presentation along with possible solutions.
Comprehensive Compliance for Environmental, Safety, Quality Requirements in C...Nimonik
Nimonik has 7 step process to ensure thorough and comprehensive regulatory compliance for environmental, occupational health and safety and quality requirements for your organization. By following these steps, you will reduce your operational risk and optimize your processes to become a proactive compliance company. This presentation also covers compliance risks such as accidents and penalties, challenges that organizations face along with a case study of Lac Megantic Oil Train Car disaster in July 2013 that killed 47 people and spilled 6 million litres of oil.
Hanrick Curran Audit Training - Internal Controls - March 2013Matthew Green
Training delivered to assisting audit staff as part of their continuing professional development/education (CPE/CPD). Provided in a 60 minute session with substantial discussion and interaction.
Scalable & Integrated Program Audit is an effective Auditing framework for handling large complex programs/ practices in organization, which works on Value Generation, Compliance, capability and Risk evaluation principles.
The new draft of ISO14001 makes some fundamental changes to the current standard. This presentation explores the key strategic changes and legal compliance aspects.
This past week, I gave a talk in Toronto on the impacts of artificial intelligence on compliance and regulatory analysis. The technology in ChatGPT and other tools continues to evolve at a breakneck pace. A few tasks that compliance professionals can already automate with AI include:
Summarize regulatory documents
Pinpoint requirements in regulatory documents
Determine applicability of regulatory documents
Write policies, procedures, standard work and other documentation to maintain compliance
And much more!
Sounds too good to be true? Contact us to get a live demo of how Nimonik is using artificial intelligence to save companies tens of thousands of dollars in compliance costs. No need for expensive compliance software, we can help you streamline your systems and cover a broad range of topics - quality, ehs, cybersecurity, human resources, power transmission and other highly regulated areas of your business.
To learn more about leveraging these technologies to reduce your compliance costs, contact us at info@nimonik.com today!
An overview of the regulatory monitoring, obligation management and other services that Nimonik inc. offers to companies around the world.
Learn how to become a proactive compliance organization.
Calgary Oil & Gas Regulatory and Standards Day January 18th 2023Nimonik
On 18th January 2023, Nimonik Inc. hosted the inaugural “Calgary Oil & Gas Regulatory and Standards Compliance Day”. During the event, we covered newly published topics, upcoming regulatory changes for the oil & gas industry, and best practices for compliance management. The event attendees also had the opportunity to connect with industry peers and share compliance challenges.
Build a business case for compliance March 2022Nimonik
One company, one compliance approach – that is what Nimonik recommends. Too many companies take a siloed and ad-hoc approach to compliance. With growing compliance issues across privacy, trade, cyber-security, environmental, safety and other areas – this whack-a-mole approach is no longer tenable. This webinar discusses how to build a business case for taking a disciplined approach to management systems and compliance.
Recording: https://nimonik.com/2022/03/build-your-business-case-for-a-centralized-comprehensive-compliance-program/
ESG and Compliance: Where do we go from here?Nimonik
Environment, Social and Governance (ESG) issues are taking on more and more presence in the corporation's planning and strategy. This presentation discusses emerging trends, potential paths forward and challenges with staying in compliance to the myriad of ESG standards and requirements.
State of Compliance 2021 at Mid-Market Firms - NimonikNimonik
Nimonik.com recently conducted a survey of 100 compliance and risk professionals in the US, USA and in China. The participants were from mid-market firms (500-15,000 employees) and were leaders within their organization. These insights show that there remains much work to be done to achieve comprehensive compliance across mid-market firms.
ISO 19600 Section 4.5 - Know your ObligationsNimonik
Organizations are required to systematically identify their compliance obligations along with the implications they have on their operations, products and services. Understanding the nature of these obligations and what is needed to meet them is essential to establishing an effective compliance program and contending with compliance risk.
Learning topics/objectives:
What we know about the virus, spread and impacts
Implications for business, health and safety management
Basics of infectious agents and routes of transmission
Assessing biological and occupational health exposures and risks
How to determining targeted, job-specific risk controls
Work through an example using a specialized COVID-19 biological risk assessment tool
https://nimonik.com
Tips and tricks for finding regulations, rules and other documents you need to comply with. This presentation has a video that can be found on the Nimonik website (link above)
19600 compliance management system guidelinesNimonik
Most organizations have a siloed approach to compliance with environmental, safety, quality, community engagement and other departments managing their compliance issues separately. Increasing fines, penalties and criminal proceedings for non-compliance are driving organizations around the world to change their approach to compliance management. ISO recently introduced a unified compliance management system, 19600. This standard has not yet been widely adopted, but there is a clear trend to try and centralize compliance obligations.
In this webinar, we discuss the best practices and guidelines for compliance management as described in the standard.
You will learn:
- the 7 elements that make up an effective compliance management system - Context of the organization, Leadership, Planning, Support, Operations, Performance Evaluation and Improvement
- In-depth details of each of the 7 elements
- Examples of how you can apply the recommendations at your organization
Presenter - Jonathan Brun, CEO Nimonik
Survey results - Centrally vs Locally managed complianceNimonik
We surveyed EHS professionals from large organizations and found out that leading organizations are shifting from locally managed compliance to centrally managed compliance. The main driver of this change is the need for the management to have direct oversight on compliance issues at facilities worldwide.
Continous compliance october 2019 webinar (2)Nimonik
Compliance can be broken down into three key questions:
- What are your requirements?
- What actions are you taking to meet your requirements?
- How do you verify the actions are effective?
These seemingly straightforward questions are surprisingly challenging to implement. Ultimately, your compliance program is only as good as your operational discipline which is only as good as your processes. So the real question is - Do your processes revolve around compliance or is compliance an afterthought?
This webinar will discuss the key steps to embed compliance in your processes. You will walk away with a toolkit on how to achieve continuous compliance across your operations.
Key Take-Aways:
- A structure to move from reactive to preventative compliance
- Tools to identify your processes that may have compliance issues
- How to convince upper management that continuous compliance drives efficiency
This webinar discusses the critical role compliance plays in avoiding EHS accidents and how the 10 recent industrial disasters in 'developed' nations were totally preventable had the organizations had a strong compliance program in place.
Process Area Site Assessments techniques for the ManagementNimonik
Safety is senior management's responsibility. Irrespective of the internal and external safety audits, they should go on site visits to see for themselves the safety culture at their organization. But some members of management are hesitant to go on site visits as they feel they lack the skills to evaluate risks and hazards.
In this slideshow, John Wolfe, himself part of management at Suncor Energy, shares best practices for site visits to help leaders go well-prepared for the site visits.
Air monitoring legislation is getting stricter. At the beginning of 2018, France made air monitoring mandatory in schools and daycares and the EU top court issued one last warning to the UK, Poland and seven other member states to respect air pollutant limits. Clearly, air monitoring is at the table now and organizations are under pressure to monitor air pollutants continuously.
In this webinar, indoor and outdoor air quality experts, Malak Rizk and Jean-Philippe Monfet provide a brief overview of the state of air quality in the US and the EU and then discuss ways to measure indoor and outdoor air pollutants and EPA recommended factors to keep in mind when choosing an air monitoring device.
The French Revolution, which began in 1789, was a period of radical social and political upheaval in France. It marked the decline of absolute monarchies, the rise of secular and democratic republics, and the eventual rise of Napoleon Bonaparte. This revolutionary period is crucial in understanding the transition from feudalism to modernity in Europe.
For more information, visit-www.vavaclasses.com
We all have good and bad thoughts from time to time and situation to situation. We are bombarded daily with spiraling thoughts(both negative and positive) creating all-consuming feel , making us difficult to manage with associated suffering. Good thoughts are like our Mob Signal (Positive thought) amidst noise(negative thought) in the atmosphere. Negative thoughts like noise outweigh positive thoughts. These thoughts often create unwanted confusion, trouble, stress and frustration in our mind as well as chaos in our physical world. Negative thoughts are also known as “distorted thinking”.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
Model Attribute Check Company Auto PropertyCeline George
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
The Art Pastor's Guide to Sabbath | Steve ThomasonSteve Thomason
What is the purpose of the Sabbath Law in the Torah. It is interesting to compare how the context of the law shifts from Exodus to Deuteronomy. Who gets to rest, and why?
How to Create Map Views in the Odoo 17 ERPCeline George
The map views are useful for providing a geographical representation of data. They allow users to visualize and analyze the data in a more intuitive manner.
3. Webinar Objectives
y’s Objectives
Share Knowledge:
Health, Safety, Environment, and Quality
Internal Audit Program Best Practices
Agenda
• Program drivers
• HSEQ Management Systems and where audits and assessments fit in
• Compliance obligations and risk management inputs to the auditing process
• Internal audit business processes
• The audit planning processes
• Frequently asked questions
Webinar Objective
3
4. Safety & environmental performance
is a continuing business risk
Why is an Operationally
Excellent Program Needed?
Fatalities and serious injuries persist
Safety process & programs costs are increasing
4
5. • A well integrated HSEQ management system framework, and
safety culture are a required foundation
• An effective Internal Audit Program can help identify best
practices and operational weaknesses
You are a powerful agent of change!
So What can We Do to Improve these Trends?
5
6. Look at Your Data - Trends and Critical Controls
6
8. Management System Framework
Company-wide BU/Functions Facility/Asset
Policy
Standards, Guidelines
Procedures, Instructions,
Specifications & Tools
OEMS Audit Focuses on the “How”
implemented to accomplish the “What”
Management Systems Hierarchy
10. Element
16
E2 E3 E13
E9
E17
Elements that Element
16 is dependent upon
Elements dependent on
Element 16 delivery
Multiple cross references
E1
0
E2 – Risk Management
E3 – Legal Req. & Commit.
E9 – Ops. & Mtce. Controls
E10 – Contractor Mgmt.
E13 – Comm. & Stake. Relations
E17 – Corrective Actions
Audit and Assessments: Interdependencies
10
11. Assessments
Internal;
Client - Business
Audits
Independent;
Client - Corporate or
external
Other
Monitoring
&
Assurance
Activities
Element 16
Day-to-day management
of controls
e.g. Internal controls, Inspections,
Checklists,
Quality Reviews,
Workplace Observations
Business
managed evaluation
e.g. OEMS Self-
assessments,
compliance reviews,
M&R Assessments
OIA
IA
External
Other Elements
E.G. 9, 14
Where Audits and Assessments Fit
11
13. Lack of Coordination across Risk Functions Can
Create Overlap, Redundancy and Increased Costs
Internal
Audit
Risk
Management
Business
unit
Business
unit
Business
unit
Business
unit
Compliance
Internal
Control
Information
Technology
Legal and
Regulatory
External
Audit
Board/senior management oversight
Audit
committee
Risk
committee
Other
committees
Siloed risk functions reduce value, increase costs, and impact business performance
14. Each Element has its own PDCA cycle
Compliance Obligations Data Inputs -
Note Each Element has its Own PDCA Cycle -
15. The Risk Management Process Data Inputs
Risk Assessment Model (Adapted from the ISO Risk 31000 STD)
Communicate & Train
Communication
Reporting
Training
Risk Structure &
Accountability
Risk Roles & Responsibilities:
Executive Leadership Team
Chief Risk Officer
Business & Function Leaders
& Management
Mandate & Commitment
Policy
Standards
Procedures/Guidelines
Measure, Review & Improve
Control Assurance
Policy
Standards & Guidelines
KPI’s
KRI’s
Risk management information to action
- Risk Assurance - Risk Registers
- Treatment Plan - Reporting Templates
Strategic Process
(Framework continuous
improvement cycle)
Strategic Process
(Framework Implementation)
Strategic Process
(Framework Implementation)
Strategic Process
(Framework continuous improvement
cycle)
IV.
I. II.
V.
III.
Communicateandconsult
Establish the context
Identify risks
Analyze risks
Evaluate risks
Treat risks
Monitorandreview
Tactical Process
Risk assessment
Process for Managing Risk
1.
2.
2a
.
2b.
2c
.
3.
4.
5
.
16. Integrated Risk Analysis Methods
• Brainstorming
• Field level risk assessment
• Job safety analysis
• What-if
• HAZOP – Hazard and Operability Study
• Failure Mode Effects Analysis
• Process Hazard Analysis
• Layers Of Protection Analysis etc.
Hazard Identification Methods
16
18. Dynamics of an Incident and the Hierarchy of Controls
System 1
System 2
System 3
System 4
System 5
System 6
System 7
“Hardware”
Defenses
- Process design
- Plant layout
- Protection systems
Engineering Controls:
Separate: The hazard
by guarding
Redesign: Reconfigure
equipment
Substitute: Materials
or processes
“Software”
Defenses
- Procedures
- Audits
- Management
systems
“Liveware”
Defenses
- Safety culture
- Training
- Alertness
Unusual conditions
Latent failures in
systems
19. The Quality of Risk and Control Data Can Be Improved Over
Time
• Use appropriate risk analysis techniques
• Utilize professional training and facilitators
• Garbage in = garbage out
• If you get this right – you will focus resources on the right risks
and opportunities.
What if Worksheet
20. Risk Registries as an Audit Planning Input
Business Area B Risk Inventory
•Unit 1+2+3 Risks
•Additional BU Risks
Business Area C Risk Registry
•Unit Risks
•Additional BU Risks
PHA Hazops,
LOPAs,
What Ifs
Unit 3 Risk Inventory
Business Unit Risk Registry - VP Level
•BA A+B+C Risks
•Additional BU Risks
Other BU
Risk Registries
PHA Hazops,
LOPAs,
What Ifs
Unit 2 Risk Inventory
PHA Hazops,
LOPAs,
What Ifs
Unit 1 Risk Inventory
Business Unit Principal Risk Registry
•Prioritized BU Risks
Principal Risk Registry
Other BU
Risk Registries
Other BU
Risk Registries
Other BU
Risk Registries
Corporate Risk Registry
Business Area A Risk Registry
•Unit Risks
•Additional BU Risks
20
21. Let’s Look at an Audit Process Flowchart
(ISO 19001 conformant)
21
22. Frequently Asked Questions
Where should the function report?
If the leadership team supports the audit’s independence, where
the function reports into is not important.
What should be the audit budget?
Budget adequate to complete the scheduled audits and employ
outside experts where required.
Frequently Asked Questions
22
23. Auditable Units
How Often Should I Audit ?
How often should one audit?
Audit frequency alters with:
• Compliance history
• Strength of Internal Compliance Program
• Potential risk from poor program performance
• Performance indicators
• Regulatory environment
• Special concerns - sensitive locations / complex operations
Frequently Asked Questions
23
24. Audit Planning Process
In-Year High Risk Requests
3 Year cycle
Embedded into OEMS Process
Audits
• Process Hazard Analysis
• Mechanical Integrity
• Quality Assurance
OEMS Audits – Hazardous Operations
• Annual Determination of
Targets
• Significant Risks / Critical
Controls
• Environmental
• Safety (Personnel and Process)
• Emerging Risks
• Business Process Effectiveness
• Compliance
Risk- Based Audits
Principal Risks
Company Strategy &
Value Drivers
Management
Consultations
Audit Plan
Idea Generation
& Project Scoping
Coverage Over Time
Resourcing
Risk, Value, OEMS Alignment
Prioritization
& Selection
Process Improvement Project
implementation
Continuous Improvement
Prior Audit Insights External Risks
• 5 Year Audit Plan Established
• Process Audit Approach
on Hazardous Operations / Functions
25. Bow-Tie Risk Analysis
“Bow-tie” – is a graphical representation of the development paths from a hazard to its various potential
consequences
25
26. AUDIT SCHEDULING
• Identify liaison
• Meeting Rooms - Data Access
• PPE
• Accommodations
• Special site requirements or rules
• Pre audit document and records request -site plans - org charts - relevant
standards, procedures and guidelines - process flows - prior audits
• Communication of audit criteria
• Develop a detailed Audit Interview Schedule in consultation
with Audit Team Leader (ATL)
• Assign individuals who will participate directly
• Audits usually take 1 and ½ weeks with three or more auditors
• Schedule should be flexible to follow leads
Audit Scheduling
26
27. OEMS Element - Audit Focus Example
Risk: Pipeline Leak Detection
CRITERIA AUDIT FOCUS LOOK FOR…
Element 2
Risk Management
Process for the identification and assessment of risks Risk Registries
•Normal
•Abnormal
•Emergency
Element 3
Legal and Other
Requirements
Provincial Pipeline Act / Regulations
Reg 91/05
CSAZ662 and Annexes
Approval Conditions
Legal Registry
ESS Compliance Tasks
Controls (as per Element 9)
Element 7
Learning and Competence
Critical Positions
Competency Requirements
Training Programs
Relevant Legal Requirements
E.5.1 Training Requirements
“Personnel responsible for interpreting and responding to
the results of leak detection systems shall be
knowledgeable about and receive training in…
Critical Positions defined (as per Element 6)
Role Descriptions (as per Element 6)
Competency Documentation
Training Requirements
Records of training
Operator – Interpreting and responding to results
of leak detection system.
Element 9
Operations and
Maintenance Controls
Leak Detection Processes
E. 5.2 Leak Detection Manual
Operating companies shall have a leak detection manual…
Control System - SCADA design
Material Balance – Persistent small leak detection
Instruments and Systems – Process/Procedures
Right of Way Inspections
Leak Detection Protocols / Manual
Operator - SCADA knowledge
Material Balance Results (daily, weekly, monthly)
Operator - Instrument Readings and Response
Inspection Records
Element 15
Incident Management
Protocol for response
Historical Leaks – Response and Root Cause Analysis
Incidents
Corrective Actions (as per Element 17)
Element 12
Emergency Management
Testing
Exercises
Emergency Preparedness and Response
PM Programs for Emergency Equipment
Testing Results
Corrective Actions (as per Element 17)
Drills and Exercises
ERP Plans
28. AUDIT FINDING CLASSIFICATION MATRIX
Findings should be clear and focused on the non-compliance / non-conformance to defensible criteria
Audit
Classification
Level Of Response Management Involvement
Unacceptable Grave concern
The Senior Vice President (EVP) shall:
● Resolve findings
● Provide detailed quarterly reports to the Operations
Committee on the activities and action plans to raise the local
controls
Not Satisfactory Concern
The responsible VP shall :
● Resolve findings
● Provide detailed semi-annual reports to the Operations
Committee
Satisfactory
Scope for
enhancement
The responsible leader shall :
● Resolve findings
● Take action to ensure that controls are raised
Good Specific
The responsible leader should:
● Resolve findings
● Continue general improvement in controls
Audit Finding Classification Matrix
28
29. Continual Improvement Philosophy
Causal Analysis, Recommendations, and
Corrective Actions
● To a nature and depth commensurate with the potential
consequences of the finding
● Focus on system failures not individuals or equipment
● Do not provide recommendations
● Reject inadequate corrective and preventive actions
● Ensure systemic issues are addressed
● Follow-up on the efficacy of closed corrective actions
29
31. • A great HSEQ management system framework
• Top down, bottom up leadership safety culture
• Efficient monitoring, measuring and self-assessment programs
• Independent internal audit function
• Auditor training and quality check business process
• Hire outside experts
• Data analytics and automation
• A risk-based audit program design
• Effective reporting to senior management
• Good incident management / causal analysis programs
• Collaborative partner
• Feedback on performance
How to Improve Your Internal Audit Program?
31
32. Cost/Benefit Analysis -In Conclusion - Management Must Make the
Call On Risk and Reward Trade-offs
32