ARCHIVED - National Energy Board Onshore Pipeline Regulations (OPR) - Final Audit Report of the Enbridge Pipelines Inc. Emergency Management Program - Appendix I - Emergency Management Program Audit Evaluation Table
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Appendix I
Emergency Management Program Audit Evaluation TableFootnote i
Table of Contents
- 1.0 Policy and Commitment
- 2.0 Planning
- 3.0 Implementation
- 4.0 Checking and Corrective Action
- 5.0 Management Review
1.0 POLICY AND COMMITMENT
1.1 Leadership Accountability
Expectations:
The company shall have an accountable officer appointed who has the appropriate authority over the company’s human and financial resources required to establish, implement and maintain its management system and protection programs, and to ensure that the company meets its obligations for safety, security and protection of the environment. The company shall have notified the Audit Team of the identity of the accountable officer within 30 days of the appointment and ensure that the accountable officer submits a signed statement to the Audit Team accepting the responsibilities of their position.
References:
OPR section 6.2
Assessment:
Accountable Officer
The Board requires the company to establish, implement and maintain an accountable officer. The accountable officer must be given appropriate authority over the company’s human and financial resources for ensuring that the company meets its obligations for safety, security and protection of the environment.
On 31 March 2014, Enbridge submitted written notice to the Board indicating that its President, Guy Jarvis, had been appointed as the accountable officer for Enbridge Pipelines Inc. and all of its subsidiaries regulated by the Board. In its submission, Enbridge confirmed that it’s accountable officer has the authority over the human and financial resources required to meet the Board’s substantive expectations.
Based on the Board’s evaluation of Enbridge’s management system and Emergency Management program against the requirements, the Board has not found any issues of Non-Compliance. The Board has determined that Enbridge is Compliant with this sub-element.
Compliance Status: Compliant
1.2 Policy and Commitment Statements
Expectations:
The company shall have documented policies and goals intended to ensure activities are conducted in a manner that ensures the safety and security of the public, workers, the pipeline, and protection of property and the environment. The company shall base its management system and protection programs on those policies and goals. The company shall include goals for the prevention of ruptures, liquids and gas releases, fatalities and injuries and for the response to incidents and emergency situations.
The company shall have a policy for the internal reporting of hazards, potential hazards, incidents and near-misses that includes the conditions under which a person who makes a report will be granted immunity from disciplinary action.
The company’s accountable officer shall prepare a policy statement that sets out the company’s commitment to these policies and goals and shall communicate that statement to the company’s employees.
References:
OPR section 6.3
Assessment:
Governance Level Policies and Goals and Commitment Statement
The Board requires the company to document its policies and goals for ensuring its activities are conducted in a manner that ensures the safety and security of the public, workers and pipeline, and the protection of property and the environment.
The NEB OPR does not include any specific management system process requirements for developing policies and goals. However, Enbridge has established clear management system guidance with respect to its process for developing policies and goals. At a governance level, Enbridge’s IMS-01, Governance Documentation outlines the company’s expectations for documenting key corporate policies, such as the Strategic and Business Planning Processes. The Governance Documentation also explains the company’s “Planning Cascade” and associated documentation. This Planning Cascade document explains how the company links its policies and corporate vision to its performance targets and metrics. The practices described within the Governance Documentation process align with the Board’s requirements for establishing policies, goals, objectives, targets and performance measures. While not an absolute alignment between the Board’s requirements and Enbridge’s internal processes it does reflect integration of the Board’s requirements into Enbridge’s business management practices.
(Note: While “goals” are included in this sub-element’s description, for clarity and organization, the review of goals is documented in sub-element 2.3 Goals, Objectives, Targets, below)
Governance Policy
Enbridge’s IMS-01, section 4.2.1, Strategy and Objectives Development Process describes the company’s process for establishing objectives, setting targets, and maintaining a dashboard of scorecard metrics. The executive management team uses the Strategy and Objectives Development Process to direct department priorities and activities. Section 4.3.2, Scorecard and section 4.3.4, Dashboard Reporting Process define the departmental processes for monitoring and measuring its performance against the Liquids Pipelines Business Plan and Enbridge targets.
Governance Commitment Statement
With respect to the OPR requirements relating to developing “a policy statement that sets out the company’s commitment to these policies and goals and shall communicate that statement to the company’s employees”, the Board identified that Enbridge’s IMS-01 included a compliant statement signed by the company’s Accountable Officer. The Board noted that this statement had not been updated in the documents it received at the time of the audit. The Board notes, however, that the documents were provided to the Board before the company notified the Board of its new Accountable Officer. Therefore, the Board will not be making a Non-Compliant finding based on this lack of endorsement.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Emergency Management Program Policy and Commitment Review
Emergency Management Policy
During the audit Enbridge indicated that its emergency management program was integrated into Enbridge’s formal Integrated Management System (IMS). In order to conform to this system and its governance requirements, Enbridge had developed its Emergency and Security Management System (IMS-07) and associated documentation. In this documentation Enbridge indicated that the Emergency and Security Management System is guided by the governing Policies set out in IMS-01. (IMS-01 is Enbridge’s governance management system to which all sub-ordinate (program level) management systems must conform.) The Board’s review of the policies found within IMS-01 indicated that, while they provided higher level direction for Enbridge’s Liquid Pipelines and Major Projects to meet business requirements, they did not provide explicit policy to base its management system on as described in section 6.3 of the OPR. Review of other documentation provided did not demonstrate these requirements. Enbridge had established “Emergency and Security Management Principles” that contained a number of principles that correspond to content that would be included in many standard emergency management policies. Document ion supplied by Enbridge, however, specifically indicated that its principles directly align with and should be reviewed as complying with the Board’s program “Goal” requirements. The Board reviewed a number of other policies and management system documents that contained implicit references to developing, maintaining or implementing incident response capabilities; however, none of the documents met the OPR requirements. The Board therefore found that Enbridge had not demonstrated explicit compliance with the OPR.
Hazard Reporting and Immunity from Disciplinary Action Policies
The OPR contains specific policy requirements with respect to internal reporting of hazards, potential hazards, incidents and near-misses that includes the conditions under which a person who makes a report will be granted immunity from disciplinary action. The Board expects this policy to be explicit in its design and communication and be easily visible to all staff.
In its demonstration of compliance with these OPR requirements, the Board was provided a number of internal documents that describe Enbridge’s expectations with respect to the required policy. The documents provided included its IMS-01: Governing Policies and Processes, its IMS-02: Compliance and Ethics Management System, its Compliance Policy, its Statement of Business Conduct and numerous Tier 2 and 3 documents. The Board reviewed the documents and noted the following:
Enbridge’s IMS-01, Governing Policies and Processes Management System was released on 1 January 2014. This document is the foundation for Enbridge’s corporate and program management systems development and management. The Compliance Assurance section in IMS-01 states that “management will provide an open and confidential method for the Workforce to report Non-Compliant, unethical or unlawful behaviour, without fear of retaliation.”
Section 1.4.3 of IMS-02 Compliance and Ethics Management System, states that “The Enbridge Workforce will report to their supervisor situations and acts they suspect could reveal or lead to an Event affecting Enbridge. No retaliatory action will be taken against any Workforce member raising Events in good faith. Raising Events will be held confidential, in accordance with legal requirements.” Further, IMS-02, section 1.5 states that “Events will be reported without fear of retaliation to ensure Corrective and Preventive Action.”
Enbridge has posted the Compliance Policy for its Liquids Pipeline division on its e-link intranet site. This policy says that employees are accountable to “comply with all applicable laws, regulations and other legal requirements.” According to this policy, employees are expected to “immediately report any new or suspected material compliance issue to their leader.” The policy also says that “in reporting any new or suspected compliance issues all employees will be treated in accordance with Enbridge’s non-retaliation principles set out in Enbridge’s Statement on Business Conduct.”
The Statement of Business Conduct applies to all employees and contract staff in the Enbridge group of companies. The statement includes Enbridge’s non-retaliation policy. It includes the assertion that “no retaliatory action will be taken against an employee or contractor for providing good faith information either internally or to a government authority, or for participating in any proceeding concerning alleged violations of any laws of policies. Disciplinary measures may be taken against an employee or contractor if they participated in the activity, even if they reported it.”
Review of the supplied information identified that the Enbridge policies did not explicitly include reporting of hazards and potential hazards. The policies also did not explicitly identify the conditions under which a person who makes such a report will be granted immunity as part of the reporting policy. Further, Enbridge limited its non-reprisal statements to issues relating to compliance or unethical behavior. The Board notes that the policies are intended to be explicit with respect to reporting and what to report in order to, not only encourage reporting but also to clearly identify what to report. Enbridge’s statements would require interpretation prior to reporting thus potentially slowing down hazard management and mitigation. Also, as hazards and potential hazards are not necessarily violations of law or the result of unethical behaviour, the Board has determined that the policies or statements provided did not meet the OPR requirements. Further, the Board finds that Enbridge did not communicate the policy requirements in a manner acceptable to the Board. The Board found that many parts of the requirements were located in intranet documentation or in Tier 2 and 3 documents. The Board considers that the required policy should be part of the corporate policy and be communicated explicitly as such.
Summary
The Board found that Enbridge has developed principles and programs to guide and support its Emergency Management program.
The Board also found the following areas of non-compliance in the Policy and Commitment Statements sub-element:
- Enbridge did not demonstrate that it has a policy that explicitly describes internal reporting of hazards, potential hazards, incidents and near-misses as required by OPR, section 6.3(1)(a);
- Enbridge did not demonstrate that its policies include the conditions under which a person who reports a hazard, potential hazard, incident or near-miss will be granted immunity from disciplinary action as required by OPR, section 6.3(1)(a); and
- Enbridge did not demonstrate that it has a management system policy for its Emergency Management program that meets the requirements of OPR, section 6.3(2).
Based on the Board’s evaluation of Enbridge’s management system and the Emergency Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
2.0 PLANNING
2.1 Hazard Identification, Risk Assessment and ControlFootnote 1
Expectations:
The company shall have an established, implemented and effective process for identifying and analyzing all hazards and potential hazards. The company shall establish and maintain an inventory of hazards and potential hazards. The company shall have an established, implemented and effective process for evaluating the risks associated with these hazards, including the risks related to normal and abnormal operating conditions. As part of its formal risk assessment, a company shall keep records to demonstrate the implementation of the hazard identification and risk assessment processes.
The company shall have an established, implemented and effective process for the internal reporting of hazards, potential hazards, incidents and near-misses, and for taking corrective and preventive actions, including the steps to manage imminent hazards. The company shall have and maintain a data management system for monitoring and analyzing the trends in hazards, incidents, and near-misses.
The company shall have an established, implemented and effective process for developing and implementing controls to prevent, manage and mitigate the identified hazards and risks. The company shall communicate those controls to anyone exposed to the risks.
References:
OPR section 6.5(1)(c)(d)(e)(f)(r)(s)
Governance Level Hazards and Potential Hazards Identification
At a governance level, Enbridge’s IMS-01, section 4.3, Risk Management Process describes the company’s process for identifying hazards, assessing risks and developing and implementing controls. The process includes written descriptions and the steps required for identifying hazards, assessing risks, planning risk responses, monitoring, reviewing and reporting risks. At a high level, the risk management steps identified in Enbridge’s Risk Management Process correspond to the legal requirements of this sub-element. However, in its review of this process, the Board noted deficiencies in the design and implementation of this process.
Enbridge’s Risk Management Process outlines broad, inter-related requirements and commitments; however, it does not meet the Board’s process requirements as outlined in Section 1.0 Audit Terminology and Definitions of the Board’s attached Audit Report.
Governance: Hazard vs Risk
In the governance Risk Management Process and related practices, Enbridge uses the terms “risk” and “hazard” interchangeably; this is inconsistent with the Canada Labour Code and the OPR and common practice definition or use of the terms. The Board has provided the following definition of hazard and risk in the past. Hazard: Source or situation with a potential for harm in terms of injury, ill health, damage to property, damage to workplace and environment, or a combination of these. Risk: Combination of the likelihood and consequence(s) of a specified hazardous event occurring.
Although the Board reviewed Enbridge’s program with this terminology issue in mind, the discrepancy has led to some gaps being identified in the overall Risk Management Process.
Governance Hazards Inventory
Enbridge’s governance Risk Management Process requires that each sub-ordinate management system develop risk registers which is non-compliant with the requirements of OPR both in name and intent. The Board requires companies to develop an inventory of identified hazards and potential hazards.
Governance Risk Evaluation
Enbridge’s governance Risk Management Process includes a risk evaluation practice within it. The Board reviewed Enbridge’s Risk Evaluation practice. The method used to evaluate the risk of hazards (Enbridge - risks) was fully developed and appropriate if it was implemented as designed.
The Board’s audit also assessed the implementation of the risk evaluation process. This assessment determined that, while it was being implemented consistently across all of Enbridge’s programs, it was being utilized in a manner inconsistent with OPR requirements. Through interviews and document and record reviews, it was determined that Enbridge was implementing a practice whereby it applies the risk evaluation process to risks (hazards) taking into consideration the controls that may apply to the risk prior to the assessment. The result of this practice would be the identification of “residual” risk and assumes that the controls are directly applicable and appropriate to the hazard and that the control is being implemented fully on a consistent basis. The OPR process indicates that the risk evaluation should be applied directly to the hazard. This will determine “inherent” risk. This allows companies to fully identify the significance of the hazard and appropriately communicate, establish and implement controls and monitor it as required in the OPR.
In evaluating the establishment and implementation of the Enbridge’s Risk Management Process, the Risk Management Process Map provided in IMS-01 sectionn 4.3 was noted to contain process steps that were colour-coded red and yellow. According to Enbridge, yellow colour coding indicates that the activities required to execute the process steps are not adequately documented or not fully implemented in a consistent manner. Red colour coding indicates that the process step is aspirational and is not being executed by the organization. Several process steps within the Risk Management Process Map were colour coded red yet are regulated requirements within the overall Risk Management Process. For example, process stepn 16 - “identify, assess and prioritize risks” is a process step that is required to meet the requirements of OPR sectionn 6.5(1)(e.). The Board has previously communicated that it recognizes aspirational practices as part of sound continual improvement practices. If a company clearly demonstrates that its practices are above the legal requirements and proactively communicates them as such within its overall programs, the Board will not find them non-compliant with OPR section 4.
Governance Developing and Implementing Controls
The Board also reviewed Enbridge’s governance process for developing and implementing controls to prevent, manage and mitigate the identified hazards and risks. The Board found that Enbridge’s process did not meet the Board’s requirements with respect to the design of a process. As well, the Board was unable to see evidence of clear requirements and directions for considering and applying the hierarchy of controls when developing controls.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Emergency Management Program Hazard Identification, Risk Assessment and Control
Identification of Hazards and Potential Hazards Processes
Enbridge Emergency and Security Management System IMS-07 indicated its hazard process directly aligns with the IMS-01 process for risk and hence, deficiencies in the IMS level risk process noted in the above section apply to the Emergency Management program. Additionally, a review of the Enbridge IMS level risk approach indicated that Enbridge’s Emergency Management program utilized a ‘risk’ based approach for its process rather than a hazard-based approach required by the Board and the Canada Labour Code Part II. No other hazard or “risk” based hazard identification process documentation was provided during the audit.
During interviews, Enbridge staff identified that, from a risk assessment perspective, Enbridge considers that there is only one hazard to be considered and managed and therefore the program processes should appropriately focus on the associated “risks” rather than hazards as the hazards and potential hazards had been identified, as required. Enbridge identified that this singular hazard as oil release from its facilities. The Board finds that this practice is simplistic and, as noted above, not in keeping with the widely accepted hazard definition and identification practices. The Board notes that this practice does not allow for the formal identification and management of all hazards and secondary hazards such as those related to fire, explosion and the disruption of urban infrastructure, among others. This practice is found to be non- compliant with the Board’s requirements with respect to hazard and potential hazard identification.
Inventory of Hazards and Potential Hazards
At a governance level, Enbridge’s IMS, section 4.3, Risk Management Process describes the responsibilities and standards the company follows to conduct risk assessments and develop its risk register for integration into its emergency planning. During the audit, Enbridge indicated that the risk register identified in the above IMS section fulfils its requirements with respect to the OPR hazard inventory requirements. The Board reviewed this document (Hazard and Risk Register, v1.1 l, 14 March 2014) and associated records during the audit and found that the risk register was limited to the identification and inventorying of business risks relating to the program and, in keeping with the singular hazard philosophy noted above, did not represent an “all-hazards and potential” approach. This practice is found to be non-compliant with the Board’s requirements with respect to developing and maintaining a hazard and potential hazard inventory.
Evaluation of Risk
During the audit, Enbridge provided documentation to demonstrate the risk evaluation processes it had established for its emergency management program. Enbridge provided two approaches it was using for evaluation of risk: the IMS-01 approach, as noted above for evaluating business risks, and an “Enbridge Risk Management Process” document, dated 20 June 2013. The Board has found that the IMS-01 approach for risk is not fully appropriate to be applied to emergency management practices as it focused on business, environmental and specified health and safety risks and not on the evaluation of risks using an “all hazards” approach. The Board’s review of the Enbridge Risk Management Process document indicated that it contained, what could be considered, high level procedures in the form of annotated process maps for providing direction to perform specific risk assessment techniques on specified activities and in specified circumstances. Examples of the specified activities and circumstances included: mainline repairs or replacements, changes in operating conditions (such as line pressure restriction) and added or removed assets (such as valves, instrumentation and tanks). Further, the Board’s review of the Risk Management Process indicated that, similar to its review of the IMS-01 risk process, the process did not meet the Board’s process design requirements outlined in Section 1.0 Audit Terminology and Definitions of the attached audit report. During the audit, Enbridge did not provide records demonstrating the application of the Risk Management Process within its emergency management program.
During the audit, Enbridge staff provided verbal information several times indicating that, the company initiated a project in 2013 to update its existing Index Model approach for risk assessment procedures to a quantitative model that would result in a more robust and comprehensive risk assessment program. Company staff indicated the new quantitative model will provide further definition and guidance on how the company evaluates risks and determines controls for upset and abnormal events includes placement of pipeline, valves, design and construction and emergency response. Enbridge, however, did not provide any documentation for review that supported the existing or updated practices.
Developing and Implementing Controls
As per, other sections reviewed within this sub-element, Enbridge indicated that, at the program level, it aligns directly and follows the IMS-01 process with respect to the Board’s requirements to establish and implement a process for developing controls to prevent, manage and mitigate the identified hazards and risks.
During the audit Enbridge did provide documented evidence of controls such as emergency plans, control points, equipment, procedures in operations and maintenance manuals and studies of response time across all regions within its scope of operations (see sub-element 3.2 Operational Control-Upset or Abnormal Operating Conditions, below). The Board found that the Enbridge’s controls were developed based on standard industry practices, input from its and other emergency response personnel, and knowledge gathered during its exercise activities and past responses. The Board views the practices described as part of a compliant process to develop controls; however, to be compliant, companies must demonstrate a documented process that specifically includes direct links between its hazards and evaluations of risk to the determination of the types, approach and development of these controls. The process must also allow the company to choose controls that allow it to follow a hierarchy of controls.
The Board has found that Enbridge has not established and implemented a process for developing and implementing controls that meets the OPR requirements.
Summary
The Board found that Enbridge had developed a governance management system process for identifying, evaluating and managing its hazards and risks; however, the Board also found that this governance level management system process did not meet the OPR requirements.
The Board found that, at the program level, Enbridge’s hazard identification practices were considered to be simplistic and did not reflect common hazard identification practices. Enbridge’s identification of a singular hazard approach combined with its corporately focused and undemonstrated risk evaluation practices is considered to be a foundational issue with respect to developing a management system driven emergency management program. The Board has found that Enbridge has not developed the OPR required sequential stepped-approach of hazard and potential hazard identification, evaluation of risk and determination of controls.
The Board found that Enbridge had not developed a program level risk evaluation process that addressed the OPR requirements. During the Audit Enbridge provided two documented processes as its Emergency Management program level risk evaluation processes. The Board found that the processes, alone or together, did not meet the OPR requirements as one focused on corporate risk and the other was applicable only to specific activities.
Regardless of the lack of a compliant process for developing controls, the Board found that Enbridge had established and implemented emergency management related controls and control practices such as the development of emergency response plans, tactical plans, pre-identification of control points and acquisition and placement of emergency response. The Board found that the controls had been developed based on standard accepted industry practices, input from its and other emergency response personnel and knowledge gathered during its exercise activities and past responses not by an established management system process.
The Board found that Enbridge had not established and implemented a documented management system process to develop and implement controls to prevent, manage and mitigate its identified hazards and risks.
Based on the Board’s evaluation of Enbridge’s management system and Emergency Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
2.2 Legal Requirements
Expectations:
The company shall have an established, implemented and effective process for identifying and monitoring compliance with all legal requirements that are applicable to the company in matters of safety, security and protection of the environment. The company shall have and maintain a list of those legal requirements. The company shall have a documented process to identify and resolve non-compliances as they relate to legal requirements, which includes updating the management and protection programs as required.
References:
OPR section 6.5(1)(g),(h),(i)
Assessment:
Governance: Identifying Legal Requirements
At a governance level, Enbridge’s IMS-01, Governing Policy and Process Management System and IMS-02, Compliance and Ethics Management System describe the company’s processes for identifying and monitoring its compliance with legal requirements. The IMS-02, Compliance and Ethics Management System, section 4.5.1 indicates that the company is required to develop a master corporate compliance register and departmental compliance registers. The compliance registers link to the company’s verification processes, which are described in IMS-01, section 4.4, Health Checks and IMS-01, section 4.5, Internal Reviews. IMS-02, section 5.2, Performance Measurement and Management, describes the company’s governance processes for measuring and monitoring its compliance.
The OPR requires a company to establish and implement a process to identify its legal requirements and establish and maintain a legal list of the identified requirements. IMS-02 section 4.5.1 outlines Enbridge’s processes for identifying its legal requirements and outlines requirements to develop master and departmental compliance registers. Review of this process indicated that it aligns with the OPR process requirements for identifying legal requirements and establishing and maintaining a legal list. Review of the process as documented identified that, by description it should lead to a compliant process. For example the process includes steps requiring monitoring of legal changes, updating compliance, etc. It also establishes roles and responsibilities. However, the Board’s audit of this process identified that it was limited to description of the requirements and did not meet the Board’s management system process requirements. Further, the process does not require the development of a single legal list. The process includes requirements to develop a master compliance register; however, this register specifically excludes certain requirements such as in orders and permits. These are to be tracked in individual departmental compliance registers.
The Board also reviewed the linked compliance verification processes that Enbridge indicated were used to monitor compliance and resolve non-compliances. The Board’s review indicated that some of the processes are not designed to meet the Board’s requirements. For example, both the Health Check and Internal Review processes are specifically not expected to be comprehensive with respect to evaluating departmental or management functions or departmental or project performance. Additionally, as described in the Internal Audit sub-element 4.3 below, the Internal Review process has not been established and implemented at the time of the audit and Health Checks appear to be limited to reviewing the existing identified requirements that have been integrated within its existing processes and practices.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Emergency Management Program Legal Requirements
Identifying and Monitoring Compliance
IMS-07, Compliance Register describes the process and responsibilities involved in reviewing sources for information about regulatory changes that apply to the company. This process also describes how Enbridge implements regulatory changes in its Emergency Management program.
Enbridge’s Emergency and Security department personnel indicated that the company has formal processes for identifying and maintaining applicable legal requirements in a register. However, personnel indicated that the specific, program level processes for the Emergency and Security department are still under development. The Board found that Enbridge had not established and implemented a process for identifying, and monitoring its compliance with all legal requirements that apply to the company in matters of safety, security and protection of the environment.
Establishing and Maintaining a List of Legal Requirements
The company’s Emergency and Security department has developed an IMS-07 Compliance Register. The register is comprised of a table with a comprehensive description of applicable regulatory requirements including the section or part number related to the compliance requirement. Enbridge includes legal updates for its Liquids Pipelines business unit in a monthly publication posted on the company’s intranet.
The Board found that Enbridge has demonstrated that it keeps a comprehensive list of regulatory requirements that includes section and part identification for applicable requirements.
Monitoring Compliance
The Emergency and Security department is responsible for assessing compliance to current and pending regulations and maintaining a list of legal requirements for that department. Enbridge’s Emergency Response Coordinators across the region indicated that they are responsible for identifying regional and local non-compliances, and communicating the issue to local management and the Emergency Response department. The Board found the program level practices used by the Emergency and Security department or identifying and monitoring compliance with legal requirements has been implemented as presently required.
Summary
The Board found that Enbridge had developed a number of governance and program level processes and practices for identifying and monitoring its legal requirements. This included establishing and maintaining a comprehensive list of regulatory requirements at the program level.
The Board also found that Enbridge’s governance management system processes did not meet the OPR requirements with respect to process design and implementation.
The Board found that Enbridge had not established and maintained the legal list as required by the OPR.
Based on the Board’s evaluation of Enbridge’s management system and Emergency Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
2.3 Goals, Objectives and Targets
Expectations:
The company shall have an established, implemented and effective process for developing and setting goals, objectives and specific targets relevant to the risks and hazards associated with the company’s facilities and activities (i.e., construction, operation and maintenance). The company’s process for setting objectives and specific targets shall ensure that the objectives and targets are those required to achieve its goals, and shall ensure that the objectives and targets are reviewed annually.
The company shall include goals for the prevention of ruptures, liquid and gas releases, fatalities and injuries, and for the response to incidents and emergency situations. The company’s goals shall be communicated to employees.
The company shall develop performance measures for assessing the company’s success in achieving its goals, objectives, and targets. The company shall annually review its performance in achieving its goals, objectives and targets and the performance of its management system. The company shall document the annual review of its performance, including the actions taken during the year to correct any deficiencies identified in its quality assurance program, in an annual report, signed by the accountable officer.
References:
OPR sections 6.3, 6.5(1)(a),(b), 6.6
Assessment:
Governance: Goals, Objectives and Targets for Risks and Hazards]
The OPR does not include any specific management system process requirements for developing policies and goals. However, Enbridge has established clear management system guidance with respect to its process for developing policies and goals. At a governance level, Enbridge’s IMS-01, Governance Documentation outlines the company’s expectations for documenting key corporate policies, such as the Strategic and Business Planning Processes. The Governance Documentation also explains the company’s “Planning Cascade” and associated documentation. This Planning Cascade document explains how the company links its policies and corporate vision to its performance targets and metrics. The practices described within the Governance Documentation process align with the Board’s requirements for establishing policies, goals, objectives, targets and performance measures. While not an absolute alignment between the Board’s requirements and Enbridge’s internal processes it does reflect integration of the Board’s requirements into Enbridge’s business management practices.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Emergency Management Program Goals
(Enbridge demonstrated that its program level Goals, Objectives and Targets aligned with the governance requirements; therefore, this section will focus on the specific goal requirements found in the OPR which apply to this program.)
The OPR identifies that a company must have goals for preventing ruptures, liquid and gas releases, fatalities and injuries, as well as for responding to incidents and emergency situations. For this audit, in addition to the LP goals and associated processes and practices as described in the governance section above, the Board included an evaluation of Enbridge’s Emergency Management program level goals, objectives and targets, specifically the goals for the response to the incident and emergency situations as described in OPR section 6.3(1)(b) and the corresponding objectives, specific targets and performance measures described in OPR section 6.5(1)(a) and (b).
The Board reviewed various documents and records and interviewed staff in its audit of this sub-element and found that Enbridge had not established the required goals on which to base its emergency response program on and the subsequent objectives, targets and performance measures. As examples, the Board would expect documented goals with related to incident response times, communication with stakeholders and first responders, etc.
Review of information provided by Enbridge and its employees demonstrated that, although Enbridge did not demonstrate that it had explicit goals for the response to incidents and emergency situations, Enbridge did demonstrate that it was communicating its existing goals and priorities to its employees through a variety of means including staff presentations, emails, intranet advisories and within its planning documents and scorecards.
Summary
The Board found that Enbridge demonstrated an alignment between its governance processes and with the OPR requirements.
The Board also found that Enbridge had not established explicit goals relating response to incidents and emergency situations as required by the OPR.
Based on the Board’s evaluation of Enbridge’s management system and Emergency Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
2.4 Organizational Structure, Roles and Responsibilities
Expectations:
The company shall have a documented organizational structure that enables it to meet the requirements of its management system and its obligations to carry out activities in a manner that ensures the safety and security of the public, company employees and the pipeline, and protection of property and the environment. The documented structure shall enable the company to determine and communicate the roles, responsibilities and authority of the officers and employees at all levels. The company shall document contractors’ responsibilities in its construction and maintenance safety manuals.
The documented organizational structure shall also enable the company to demonstrate that the human resources allocated to establishing, implementing and maintaining the management system are sufficient to meet the requirements of the management system and to meet the company’s obligations to design, construct, operate or abandon its facilities to ensure the safety and security of the public and the company’s employees, and the protection of property and the environment. The company shall complete an annual documented evaluation in order to demonstrate adequate human resourcing to meet these obligations.
References:
OPR sections 6.4, 20, 31
Assessment:
Governance Organizational Structure and Roles and Responsibilities
At a governance level, Enbridge demonstrated that it has a single, over-arching management system process that describes the organizational structure and responsibilities for the ongoing development and implementation of its management system. The IMS documents defined the roles and responsibilities regarding occupational health and safety of all employees and contractors.
The governance management system documents indicated that Enbridge’s executive management was responsible for upholding the management system policies, process, standards and requirements. They were also responsible for ensuring that appropriate resources are available to monitor compliance and implement continuous improvement of the management system. Further the documentation identified that Enbridge’s President’s responsibilities include allocating the resources necessary for management system compliance.
Governance Annual Evaluation of Resource Need
Enbridge demonstrated that it has developed a number of corporately required or supported mechanisms for evaluating its resourcing needs.
Enbridge did not; however, provide specific documentation and records to demonstrate it evaluates the need for human resources allocated to establishing, implementing and maintaining its management system and explicitly meeting its OPR section 6 obligations at a corporate or program level.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Emergency Management Program Organizational Structure and Roles and Responsibilities
During the audit Enbridge demonstrated that its program specific Emergency and Security Management System outlines emergency accountabilities and responsibilities for the company’s line management, regional Operations staff and contractors. This document describes the roles involved in coordinating Emergency and Security Management functions and the organization and reporting relationships for the Emergency and Security Management functions. Enbridge’s regional Emergency Response Coordinators identified that local management maintains job descriptions with defined roles and responsibilities. Enbridge uses position description templates to document these roles and responsibilities and job ladders to clearly define the knowledge, skills and abilities required at each level of a functional area. Additional roles and responsibilities are outlined in process documents or integrated into process documents such as the governance IMS manuals.
Additionally, and specific to Enbridge’s emergency/incident response practices, Enbridge demonstrated that it had formally adopted the Incident Command Structure (ICS) that establishes a formal and proven organization structure for managing incidents and includes standardized and documented roles and responsibilities statements.
Annual Evaluation of Resource Needs
Enbridge demonstrated that it uses several mechanisms to evaluate human resources needs for its emergency management program. Key examples include:
- Liquids Pipelines priorities and objectives review and planning - The leadership team defines the key priorities and objectives for Liquids Pipelines in alignment with the Strategic Plan; the Strategic Plan defines the focus and priorities for the company as a whole;
- Emergency and Security Department Plan development - IMS-01 processes outline the steps involved in developing a Department Plan;
- Workforce planning - The Enbridge Human Resources department leads the Emergency and Security department through the Workforce Budgeting process. As a result of this process, the department identifies the job types and the number of each job type required to ensure there are sufficient resources to meet management and protection requirements.
- Annual Work Plan update and development - The Emergency and Security department develops a detailed annual work plan that takes into account the priorities, objectives and Department Plan of the Liquids Pipelines business unit.
- Individual Objectives development - Emergency and Security department personnel work with their designed People Leader to develop individual objectives at the beginning of each calendar year. These objectives become part of each employee’s performance management plan.
During the audit Enbridge provided an example of how the company assesses the completion status of its business activities during the year. The examples demonstrated that additional resources are available if they are required. In interviews, Emergency and Security department personnel indicated that the Emergency Management Systems Specialist position at the corporate level was approved and a job posting was issued.
The Board identified three program level issues with respect to Enbridge’s evaluation of need for its emergency management program.
Enbridge was unable to demonstrate that it had quantified the human resources required to respond to an emergency and subsequently it had not included these resources in its annual evaluation of need. The Board noted that staff at all levels and regions within the company identified that there would not be and never has been an issue with acquiring all required resources to respond to an incident. Based on a review of Enbridge’s past incident responses and records, the Board has not identified any resourcing issues related to Enbridge’s responses. The Board, however, requires that all of its regulated companies must demonstrate the sufficiency of its human resources to meet its obligations to ensure the safety of the public, its employees and the pipeline; and ensures the protection of property and the environment in a documented manner. This would necessitate a documented, quantified knowledge of the human resources required to respond to an emergency as per their emergency planning.
The Board identified that the resource evaluation mechanisms described were being implemented within the Emergency and Security department. In reviewing the documentation and records associated with resource evaluation mechanisms, the Board identified that Enbridge’s practices were not accounting for staff outside of the department with emergency management responsibilities. For example Field Operations and Maintenance staff have emergency management responsibilities that must be accounted for.
Additionally, Enbridge did not provide specific documentation to demonstrate it evaluates the need for human resources allocated to establishing, implementing and maintaining its management system and meeting its obligations as described in the OPR.
Summary
The Board found that Enbridge had a documented organizational structure and communicates the roles responsibilities and authorities of the officers and employees at all levels of the company. Additionally, the Board found that Enbridge had adopted ICS which establishes a proven incident response organizational structure with documented roles and responsibilities.
The Board found that Enbridge had established and implemented several mechanisms for reviewing its emergency management program human resourcing needs.
The Board also found that Enbridge’s evaluation of need practices did not specifically account for staff with emergency management responsibilities outside of the Emergency and Security department. Further, Enbridge did not demonstrate that it had documented an evaluation of the human resource needs required during an actual response.
Based on the Board’s evaluation of Enbridge’s management system and Emergency Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
3.0 IMPLEMENTATION
3.1 Operational Control-Normal Operations
Expectations:
The company shall have an established, implemented and effective process for developing and implementing corrective, mitigative, preventive and protective controls associated with the hazards and risks identified in elements 2.0 and 3.0, and for communicating these controls to anyone who is exposed to the risks..
The company shall have an established, implemented and effective process for coordinating, controlling and managing the operational activities of employees and other people working with or on behalf of the company.
References:
OPR section 6.5(1)(e),(f),(q)
Assessment:
The Board notes that the Emergency Management program addresses only abnormal or upset operations. This section is therefore considered not to apply in this audit. The review of Enbridge’s controls is documented in sub-element 3.2, below.
Compliance Status: N/A
3.2 Operational Control-Upset or Abnormal Operating Conditions
Expectations:
The company shall establish and maintain plans and procedures to identify the potential for upset or abnormal operating conditions, accidental releases, incidents and emergency situations. The company shall also define proposed responses to these events and prevent and mitigate the likely consequence and/or impacts of these events. The procedures must be periodically tested and reviewed, and revised where appropriate (for example, after upset or abnormal events). The company shall have an established, implemented and effective process for developing contingency plans for abnormal events that may occur during construction, operation, maintenance, abandonment or emergency situations.
References:
OPR section 6.5(1)(c)(d)(e)(f)(t)
Assessment:
Governance Developing and Implementing Operational Controls - Upset or Abnormal Operations
At a governance level, Enbridge’s IMS-01, section 4.3, Risk Management Process describes the company’s process for developing and implementing controls for addressing its hazards and risks. As noted in sub-element 2.1 of this audit, the Board found that this Enbridge process is non-compliant for several reasons, including the process design and implementation of the hierarchy of controls. Since the Board has already identified that Enbridge will have to develop corrective action plans for sub-element 2.1, the Board will not assign additional non-compliances for the governance process in this sub-element; however, Enbridge must specifically consider and include any corrective actions associated with this sub-element within the corrective action developed plan developed for sub-element 2.1.
Governance Processes for Coordinating, Controlling and Managing the Operational Activities of Employees and other People Working With or On Behalf of the Company
These management system process requirements are described in OPR section 6.5(1)(k) and (q). During the audit Enbridge indicated that these requirements were described within its IMS-01 sections 2.4 Management System Development and Implementation Requirements and 4.14 Workforce Competency and Qualification Management Process and in its OMMs and various other program level processes.
Review of the IMS processes indicated that they did not address the requirements identified in the sub-element directly and that, as noted elsewhere in this report the IMS-01 4.14 Workforce Competency and Qualification Management Process has not been demonstrated to be established or implemented. Review of the OMM processes indicated that they were not considered as governance management system process within the company. Enbridge is therefore non-compliant with respect to its OPR management system process requirements.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Emergency Management Program Upset or Abnormal Operating Conditions
As identified in sub-element 2.1 of this audit, the Board has found Enbridge Non-Compliant with respect to the requirements to establish and implement a process for developing and implementing controls to prevent, manage and mitigate its identified hazards and risks. Regardless of the lack of a compliant process for developing controls, during the audit, Enbridge provided documents and records to demonstrate that it had developed controls to address the hazards and risks normally associated with an incident and subsequent emergency response on its system. The Board found that Enbridge had developed the controls based on standard accepted industry practices, professional knowledge and learnings (input from its and other emergency response personnel and knowledge gathered during its exercise activities and past responses). The Board further found that, in the absence of a compliant controls development and associated hazard and risk identification and evaluation processes, Enbridge could not formally demonstrate or verify that its existing controls were adequate or, in the case of equipment and associated human resources, located in appropriate locations.
In the absence of compliant processes with respect to hazard identification, risk assessment and the development of controls, the Board evaluated Enbridge’s existing controls based on the documents and records provided by Enbridge; and through interviews with Enbridge’s head office and field staff. The Board also visited each of Enbridge’s operational regions to familiarize itself with Enbridge’s operations and operating environments, identify hazards and risks, review field plans and documentation and records and verify the existence and condition of equipment.
During the audit, Enbridge provided evidence of the development, implementation and maintenance of controls. Examples of the controls included administrative controls, response equipment and communications activities, among others. Examples of administrative controls reviewed included: Emergency Procedures Manuals, site-specific and regional response plans, pre-determined tactical plans, tank fire plans, pre-established control point documentation, membership in spill cooperatives, etc. Examples of emergency equipment included: response trailers, booms, boats, oil skimmers, pumps, generators, etc. The Board found that Enbridge developed controls that, based on the Board’s qualitative assessment, correspond to its hazards, risks, activities and locations. Enbridge demonstrated that it had dedicated significant resources to acquiring equipment for emergency response and had also established agreements with response specialists and other industry organizations for emergency response preparedness and response activities.
During the audit, Enbridge staff identified that the company’s primary emergency response controls related requirements are contained or referenced within its Operations and Maintenance Manuals (OMMs) in Book 7. The OMMs were identified as being used by Enbridge’s Emergency Management staff and its Field Operations and Maintenance workers and outlined the written procedures, standards and tools used for development, implementation, maintenance and communicating of the corrective, mitigative, preventive and protective measures (commonly referred to as “controls”) to manage Enbridge’s emergency responses. This manual and associated documentation and any updates are required to be submitted to the Board.
As part of the audit, the Board reviewed the adequacy and maintenance of Enbridge’s manual and any associated documentation submitted to the Board. The Board utilized its standardized emergency procedures manual review procedure.
The Board’s manual review found that Enbridge’s manuals had some deficiencies. Analysis of the deficiencies indicates that the findings fell within two categories: administrative deficiencies and content based deficiencies. Examples of administrative issues identified would be document management issues associated with distribution lists or missing control numbers in the submitted documentation. Content based issues related to old or outdated information in the copies filed to the Board. The outdated information related to out of date environmental sensitivity mapping. With respect to the sensitivity mapping, Enbridge indicated that the information was available but was substantial in volume. Enbridge agreed to provide the information in digital format. As per the Board’s normal process, Enbridge has been issued Notices of Non-Compliance with an agreed upon compliance date for all outstanding issues of 31 January 2015.
The Board identified that Enbridge has initiated and progressed on a new approach for emergency planning and documentation. This was referred to as its “integrated contingency plan” approach. The Board confirmed that Enbridge’s plan is to eventually replace all of the Book 7 content with the new integrated contingency plans. The company provided a draft of the Integrated Contingency Plan for one of Enbridge’s Regions, the Eastern Region; however, this document had not been finalized at the time of the audit. The Board noted that the new Integrated Contingency Plans are being developed based on a best practices approach rather than using a hazards/risks approach.
Emergency Management Program Processes for Coordinating, Controlling and Managing the Response Activities of Employees and other People Working With or On Behalf of the Company
During the audit, Enbridge demonstrated that, in addition to the practices that govern Enbridge employees and workers undertaking normal operations activities, Enbridge has adopted the Incident Command System (ICS) to coordinate and manage its responses. The Board notes that ICS is a well-known and widely accepted management structure for managing large, small, escalating or deescalating incidents. ICS also allows companies to integrate other agencies or organizations into its response structure to ensure that regulatory and public safety requirements are being met.
Enbridge demonstrated that its staff had received appropriate training commensurate to their levels of involvement and oversight.
Summary
Based on interviews, and document and record reviews, the Board found that Enbridge demonstrated that had numerous controls for its emergency program such as emergency response plans, tactical plans, tank fire plans etc. The Board found that Enbridge had developed its controls (plans, equipment etc.) based on industry practices, input from emergency response personnel expertise and experience with historical events. Further, the Board found that Enbridge has demonstrated that it had dedicated significant resources to acquiring equipment for emergency response and had also established agreements with response specialists and other industry organizations for emergency response preparedness and response activities.
The Board found that Enbridge developed controls that, based on the Board’s assessment, correspond to its hazards, risks, activities and locations.
The Board reviewed Enbridge’s Emergency Procedures manuals, as submitted to the Board, and has found deficiencies that Enbridge has agreed to rectify by 31 January 2015.
The Board has found that Enbridge has not utilized a sequential stepped approach for hazard and potential hazard identification, evaluation of risk and determination of controls. The Board further found that, in the absence of a compliant controls development and associated hazard and risk identification and evaluation processes, Enbridge could not formally demonstrate or verify that its existing controls were adequate or, in the case of equipment and associated human resources, located in appropriate locations.
The Board found that Enbridge had established and implemented ICS (Incident Command Structure) as its standard process for coordinating, controlling and managing the response activities of employees and other people working with or on behalf of the company during an incident.
Based on the Board’s evaluation of Enbridge’s management system and the Emergency Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
3.3 Management of Change
Expectations:
The company shall have an established, implemented and effective process for identifying and managing any change that could affect safety, security or protection of the environment, including any new hazard or risk, any change in a design, specification, standard or procedure and any change in the company’s organizational structure or the legal requirements applicable to the company.
References:
OPR section 6.5(1)(i)
Assessment:
Governance Management of Change Process
During the audit, Enbridge identified that it had developed a governance management of change process. In reviewing the documents and records and conducting interviews, the Board found that Enbridge’s governance process had not been fully established or implemented at the time of the Board’s audit. The Board’s review found that Enbridge’s design of its governance process does not meet the OPR management system process requirements.
During the audit, Enbridge indicated that MOC processes and requirements are embedded in all of its existing written processes, procedures and practices. Enbridge indicated that a single MOC process would not be able to meet its or other companies with significant facilities and processes, requirements. Therefore, Enbridge has multiple processes embedded in multiple locations. Further, Enbridge indicated that its interpretation of the OPR is to “ensure that a MOC process is available for unplanned, unexpected or infrequent changes that are not already embedded in existing activities and processes. There is no requirement in the OPR for these various management of change processes to be formally tied to one another.”
The Board has found that Enbridge’s interpretation and practices are inconsistent with the Board’s interpretation of the OPR process requirements. The Board notes that the OPR requires a company to develop a management system MOC process that identifies and manages any change that could affect safety, security or the protection of the environment, not only those described by Enbridge. Further the Board notes that, while a company may have multiple processes, there still must be consistency in process requirements, development and implementation as well as coordination of the various practices in order to meet the OPR requirements and to ensure formal management. The Board notes that a singular management system process developed to meet the OPR requirements, as prescribed, would address these requirements.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Emergency Management Program Management of Change Process
The Board found that, at the department level, IMS-07, section Management of Change referenced Enbridge’s IMS-01 governance process.
Additionally, the company’s Operating & Maintenance Procedures Management System (OMMs), Book 7, Emergency Response and Book 1, General Compliance Reference described the company’s requirements for MOC. The Board has found that these requirements in Book 7 were focused on the updating of the Emergency Plans and are not overall management of change process. As well, Enbridge staff interviewed consistently identified that the primary MOC process in use at the time of the audit was the LP MOC process which is included in Enbridge’s OMM documentation.
Review of Enbridge’s program level MOC practices indicated that, notwithstanding the governance process issues described above, the Board found that Enbridge had established and embedded MOC requirements within many aspects of its emergency management program.
In addition, Enbridge demonstrated that it had developed and implemented a Project Integration Program for Emergency Management that ensures that the Emergency Management Program is up-to-date before projects are handed over to Operations. Key activities involved in the Project Integration Program include defining roles and responsibilities, assessing the impact of new construction on existing emergency management program elements, updating the Emergency Management Program and communicating any changes to internal stakeholders.
Summary
The Board found that Enbridge demonstrated that it had established and implemented a number of MOC procedures and practices to document and manage change at the program level. The Board identified that all departments and programs were using Enbridge’s Liquids Pipelines MOC process, including Emergency Management, as its primary corporate MOC process. The Board, however, identified that this process did not meet all of the MOC process requirements and was specifically not intended to be included within its IMS process.
The Board also found that Enbridge was did not demonstrate that it had established and implemented a management system level process that meets the requirements of the OPR.
Based on the Board’s evaluation of Enbridge’s management system and Emergency Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
3.4 Training, Competence and Evaluation
Expectations:
The company shall have an established, implemented and effective process for developing competency requirements and training programs that provide employees and other persons working with or on behalf of the company with the training that will enable them to perform their duties in a manner that is safe, ensures the security of the pipeline and protects the environment.
The company shall have an established, implemented and effective process for verifying that employees and other persons working with or on behalf of the company are trained and competent, and for supervising them to ensure that they perform their duties in a manner that is safe, ensures the security of the pipeline and protects the environment. The company shall have an established, implemented and effective process for making employees and other persons working with or on behalf of the company aware of their responsibilities in relation to the processes and procedures required by the management system or the company’s protection programs.
The company shall have an established, implemented and effective process for generating and managing training documents and records.
References:
OPR section 6.5(1) (j),(k),(l),(p)
Assessment:
Governance Competency Processes and Training Program
Through interviews and document and record review, the Board found that Enbridge has established and implemented a documented, comprehensive training program applicable to its employees undertaking emergency management activities. The training program is appropriately supported and managed throughout the organization. Enbridge has developed a management system called the Enbridge Learning Management System (eLMS). eLMS provides the mechanism to register, deliver, track and record learning completions. Enbridge’s Human Resources department provides support to all departments for the development of departmental content and eLearning programs and each department manages the content of programs housed in eLMS. The Board verified that Enbridge has implemented the systems to generate, manage and document the various training programs through front line interviews and inspections.
Notwithstanding Enbridge’s training program implementation, the Board found that Enbridge had not established and implemented compliant, documented processes for developing competency requirements that are used to develop training and learning programs and to establish baseline competencies required for employees and others working on behalf of the company to perform assigned tasks in a manner that is that is safe, ensures the security of the pipeline and protects the environment. Similarly, the Board found that Enbridge has not established and implemented a process for verifying competency as required. Interviews with staff indicated that there were undocumented competency evaluation processes being undertaken at the time of the audit; however, they did not meet the Board’s management system process requirements. Record reviews conducted by the Board indicated that Enbridge had at one time implemented a formal Competency Based Training program but that had been officially discontinued a number of years ago. It was identified that staff in some of the regions were still implementing the practices of this program as a method to ensure competency of new staff.
The Board considers competency identification and verification to be a key component in assuring the safety of workers, the public, the environment and facilities. Therefore, this issue was brought to Enbridge’s attention as requiring urgent attention. Enbridge has responded by developing an interim process for identifying and verifying competencies while Enbridge’s Workforce Competency and Qualification Process (WCQP), commenced in 2013, is fully rolled out. This was provided to the Board for review prior to end of its close-out discussions. While not yet demonstrated as established or implemented, based on initial interviews with departmental staff, the Board found that the described practices could meet the Board’s requirements.
The Board’s review of the written governance policy that had been provided by Enbridge indicated that some of the key legally required process requirements were mapped as “red”. According to Enbridge’s described process mapping convention this would indicate that the process steps are “aspirational” and therefore outside of its legal requirements to be measured by the Board. As noted elsewhere in this report, aspirational or stretch practices are encouraged but they cannot include legally required content within this category.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Emergency Management Program Competency Process and Training Program
The Board identified that, at the department level, the Emergency and Security Management System, section 4.5.7, Emergency and Security Training Process outlines the training processes for incident command, emergency operations and security management across the Liquids Pipelines business unit. The General section of this document indicates that the training matrices and integrated contingency plans are created due to regulatory requirements, new emergency response equipment and training needs identified as a result of a post-emergency or exercise analyses.
Training
The Board examined Enbridge’s implementation of its corporate training requirements for its Emergency Management program.
The Board identified that Enbridge’s OMM Book 7, Emergency Response Training Matrix defines the minimum amount of emergency response training required to ensure that personnel have the appropriate knowledge and skills to comply with regulations and respond to emergencies as per the company’s plans. The Emergency Response Training Matrix identifies the required courses along with estimated training hours, training frequency and the provider of the training. The matrix also defines training required by each job function, and specifies whether the training is mandatory, at the discretion of regional management or not required. For example, the training program for the company’s Emergency Management program includes tactical training, Incident Command System training, and hazardous waste operations and emergency response training. The Board reviewed a sampling of training records across each Region for emergency preparedness and response was found that the training being undertaken was consistent with the requirements documented in the Emergency Response Training Matrix. The Board did not find any significant issues.
Competency
In addition to the governance evaluation of competency practices evaluated in the governance section above, the Board evaluated program level practices.
Interviews with Emergency and Security department personnel indicated that a Learning Path Project is in progress. The Learning Path Project is a corporately established training practice that focuses on competency-based training for pipeline management, welders and other personnel that perform the emergency response activities detailed in Book 3 and 4. Enbridge provided information that identified that the training for the Emergency Management program consisted of customized, competency-based, on-the-job training provided to Enbridge field personnel. A learning path progression model established the following training sequence: competency, qualifying, continuous learning, maintenance, second level of qualification (if necessary) and mastery. Qualification levels include Core Level 1 (observation), Core Level 2 (demonstrating performance), Awareness and Region Specific (qualified). The review of this initiative indicated that, while it was not established or implemented as per the Board’s requirements, it did represent a practice that could mitigate Enbridge’s deficiencies if designed and implemented to meet the requirements.
During the audit it was noted that, at the program level, Enbridge had documented many of the competencies and qualifications for emergency management field operations functions in the Liquids Pipelines business unit. During the audit, the Board reviewed competency and qualifications for the following functions: the First-On-Scene Responder Learner Package, the Security Learner Package, and the Containment and Recovery Learner Package. The Learning Plan for the Emergency Management program included documentation that outlined the training required before personnel are allowed onto a work site, on-the-job learning requirements and competency maintenance requirements.
Process for Verification
The Board identified that, consistent with the governance process assessment, Enbridge did not demonstrate that it had a competency verification process that met he OPR requirements. The Board does note, however, Enbridge’s recently developed emergency management Learning Path included an assessment recording practice for verifying the competencies acquired through training. The Learning Path included performance criteria and knowledge criteria. As noted above, however, the Learning Path was still in development and had not been fully implemented at the time of the Board’s audit. Therefore, Enbridge had not yet established a process for verifying the competency and training of people involved in the Emergency Management program.
Review of the program training and competency documentation and records identified one issue. Through interviews with Emergency and Security department personnel and documentation review, the Board found that Enbridge had not defined training and competency requirements associated with its specialized emergency response equipment. Interviews with Emergency Response Coordinators across the regions confirmed that the company had not completed training needs assessments nor had the company listed the emergency response equipment and the training, competency, qualifications and certifications, if required, to use that equipment. The Board notes that companies have the responsibility to ensure that employees are appropriately trained on the use of all equipment they use during the course of their employment. Due to the specialized nature of the emergency response equipment, however, and the role that the equipment plays in protecting people and the environment and the hazardous nature of the work sites where the equipment will be deployed, the Board is of the view that the associated training, competency and certification requirement must be identified, documented and managed.
Summary
The Board found that Enbridge had established and implemented a formal management program for identifying and managing its training requirements.
The Board also found that Enbridge had not established and implemented processes for developing and verifying competency requirements as required by the OPR. The Board also found that Enbridge had started to implement a new process for the identification and verification of worker competency; however, this new process remains non-compliant as it has not been established or implemented.
The Board found that Enbridge had not formally identified, documented and managed the training and competency requirements associated with its specialized emergency response equipment.
Based on the Board’s evaluation of Enbridge’s management system and Emergency Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
3.5 Communication
Expectations:
The company shall have an established, implemented and effective process for the internal and external communication of information relating to safety, security and environmental protection. The process should include procedures for communication with the public, company employees, contractors, regulatory agencies and emergency responders.
References:
OPR section 6.5(1)(m)
Assessment:
Governance Communication Process
The Board found that Enbridge’s governance level management system processes are inadequate. Enbridge’s IMS-01 is limited to requiring that each department must develop a communication plan and does not meet the OPR requirements.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Emergency Management Program Internal Communication
While Enbridge was unable to demonstrate that it had established and implemented compliant management system communications processes, Enbridge provided program level documentation and records that indicated it had established formal internal communication practices. Enbridge’s Emergency and Security Management System manual, section 4.4, Communication, Participation and Engagement defined several communication methods including:
- orientations;
- bulletins and advisories;
- ‘Preparedness Week’ communications; and
- emergency and security management process and procedure reviews.
Further Enbridge demonstrated that its management communicates its expectations on a regular basis through field safety visits, safety moments, safety observations, high-value learning events, emails, eLink, desk drops, posters, and other methods. Enbridge provided information that identified that its Emergency and Security department maintained several committees in which regional Emergency Response Coordinators participated and then shared information out to the various regions with respect to the program.
Emergency Management Program External Communication - Emergency Response
Interviews with Emergency Response Coordinators indicated that Enbridge communicates with various external groups using a variety of methods. The company uses its landowner communications processes to communicate with landowners. Regional Emergency Response Coordinators manage communications with provincial and municipal response agencies and stakeholders such as provincial emergency coordinators, police, fire departments, hospitals, etc. Other external communication vehicles included Enbridge’s Public Awareness program, its website, news releases, , local broadcast media and direct contact, where appropriate.
Enbridge demonstrated that, in the event of an emergency, its Emergency Response Plans contain provisions to ensure that regulatory and response agencies and landowners will be notified. Enbridge demonstrated though documentation and records it had established and implemented processes to ensure that the communication information was being kept up to date.
During the audit Enbridge provided information that it had established processes and methodologies to manage and ensure communications during a response. Enbridge demonstrated that its Incident Command System included formal, documented requirements and provisions for internal and external communications. It was noted that the Incident Command System defines specific responsibilities for the public information officer that includes tools, such as role statements and checklists to aid in the organization and management of the communication requirements. Further, Enbridge provided evidence that its Public Affairs and Communication Group is prepared to assist in emergencies by providing clear, factual communication and by laying the groundwork for community relations and media coverage. Enbridge demonstrated it had established methodologies to communicate emergency evacuation information, if required. Enbridge demonstrated that had prepared Emergency Communications standards for communicating internally and externally in the event of an emergency, including alternate means of communication if traditional methods fail and public notification methods if an emergency evacuation is required.
Emergency Management Program External Communication - Liaison with Stakeholders and Response Personnel
Interviews with Enbridge’s Emergency and Security department personnel indicated that emergency response procedures have been shared with government agencies and organizations at the federal level. Regional Emergency Response Coordinators had communicated emergency response activities to regional and local stakeholders.
Enbridge had developed Book 7, 02-02-07, Impacted Landowners and Tenants to identify the tasks and duties required when an emergency threatens to impact landowners and tenants or already has had an impact. The documentation indicated that Land and ROW agents are responsible for completing ROW emergency response packets and distributing pamphlets to be hung on doors. Enbridge described the measures are to be taken to assist landowners and tenants based on the emergency classification, associated tiered responses and the specific circumstances of an emergency. Interviews indicated that Enbridge uses a variety of communication methods in its various regions due to stakeholder capabilities and their anticipated roles in emergency response. Examples provided included having informal discussions with fire department volunteers, providing emergency response documents and holding formal meetings with stakeholders, government agencies and municipal agencies.
Enbridge provided information identifying that it has developed a continuing education program for landowners, other appropriate organizations and agencies, and the public residing adjacent to the pipeline. Enbridge staff indicated that its continuing education program informs people of the location of the pipeline, potential emergency situations involving the pipeline, and the safety procedures to be followed in the case of an emergency. Enbridge uses information packets, ongoing communication, visits and other mechanisms to implement this continuing education program in each region.
The Board’s review of Enbridge’s external emergency management communication requirements identified a number of deficiencies.
Enbridge did not demonstrate that it had an external communication process directly applicable to its continuing education program. Additionally, Enbridge had not established or implemented a process that ensured consistent and appropriate liaison with its stakeholders that may be involved in an emergency. Audit interviews with regional Emergency Coordinators indicated that each person uses his or her own individual approach to liaise with stakeholders. The Board identified that the Emergency Coordinators use various approaches, (some informal and undocumented; others structured and documented) to inform police, fire, hospitals and other stakeholders about the emergency response procedures and the Incident Command System. Additionally, the Board found that each region used its own approach for consultation when developing and updating the emergency procedures documentation. Therefore, Enbridge’s continuing education communication program was found to be inconsistent across the company’s regions, both in terms of its comprehensiveness and in terms of how the regions perform such communication. Additionally, due to the lack of documentation Enbridge could not demonstrate the adequacy and implementation of its practices.
Summary
The Board found that Enbridge communicated internally and externally with respect to its Emergency Management program throughout its organization as a matter of practice.
The Board found that Enbridge had established a number of formal practices and methodologies to communicate and manage its communication during an emergency.
The Board also found that Enbridge had not established or implemented a communication process that meets the Board’s management system process requirements. Additionally, the Board found deficiencies relating to Enbridge’s Continuing Education and Liaison requirements.
Based on the Board’s evaluation of Enbridge’s management system and Emergency Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
3.6 Documentation and Document Control
Expectations:
The company shall have an established, implemented and effective process for identifying the documents required for the company to meet its obligations to conduct activities in a manner that ensures the safety and security of the public, company employees and the pipeline, and protection of property and the environment. The documents shall include all of the processes and procedures required as part of the company’s management system.
The company shall have an established, implemented and effective process for preparing, reviewing, revising and controlling documents, including a process for obtaining approval of the documents by the appropriate authority. The documentation should be reviewed and revised at regular and planned intervals.
Documents shall be revised where changes are required as a result of legal requirements. Documents should be revised immediately where changes may result in significant negative consequences.
References:
OPR sections 6.5(1)(i),(n),(o), 6.5(3)
Assessment:
Governance Process for Identifying the Documents Required to Meet its Obligations
This sub-element includes the requirements to develop a process for identifying the documents required for the company to meet its obligations described in OPR section 6.
In the information provided to the Board, Enbridge indicated that its interpretation of the OPR requirements is that the required documents to meet its obligation are “those documents developed as part of the management system required by the OPR”. Enbridge further identified that its management system design is comprehensive and encompasses the all of the company’s activities that are designed to meet the obligations. As such it indicated that its IMS-01 section 1.3 Integrated Management Structure identifies the documents required. The Board’s review of this section indicated that it did not constitute a list of documents or classes/categories of required documents. It was a high level description of the nineteen management systems that comprise Enbridge’s management system and high level descriptions of the content of each.
Governance Documentation and Document Control
During the audit, Enbridge was not able to demonstrate that it had established or implemented a governance management system process that meets the Board’s Documentation and Document Control process requirements. Enbridge did not provide a documented management system process until after the Board’s closeout discussions. This document was dated 22 August 2014; however, until provided by Enbridge, the Board was not presented evidence of its existence either as a document or as referred to by Enbridge staff during interviews. The Board could not therefore verify its establishment or implementation during the audit.
The Board’s review of this document indicated that it did not meet the OPR management system process requirements as described elsewhere in this audit report. As well the Board could not determine the applicability of the process to the programs required in OPR section 55 as the process as written only appears to apply to the governance management system processes.
Regardless of the Enbridge’s lack of compliant management system processes, the Board found that Enbridge does have some document control processes that it is presently using on a corporate basis. Enbridge governs its document processes through its Documents Policy, which is available on the company’s intranet and through an online tool called the Governance Documents Library. The Board identified that the Documents Policy and its associated practices and tools set Enbridge’s minimum standards for documents and document tracking.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Emergency Management Program Documentation and Document Control
Document Control
During the audit, Enbridge identified that, at the program level, the Emergency and Security Department program, Book 7 outlined the company’s requirements for ensuring complete and accurate documentation of emergency response activities. This included: essential documentation; level 2 emergency documentation; level 3 emergency documentation; and environment, wildlife and negotiations documentation. Additionally, interviews with Enbridge emergency response personnel indicated that the company’s Documents Policy and its OMS, Operating and Maintenance Procedures Maintenance Standard define the company’s key document control requirements for its OMMs. No issues were identified with respect to these documents and their associated activities.
Summary
The Board found that, at the program level, Enbridge demonstrated that it had developed document control lists and procedures and practices for managing and controlling its Emergency Management program documents that address many of the OPR requirements.
The Board also found that, at the governance level, Enbridge had developed its new IMS-01, section 4.9 Governance Document Control Process, dated 22 August 2014; however, Enbridge did not demonstrate that this process met the OPR requirements or had been established and implemented.
The Board also found that Enbridge did not demonstrate that it had a process for identifying the documents required to meet its obligations under OPR section 6.
Based on the Board’s evaluation of Enbridge’s management system and Emergency Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
4.0 CHECKING AND CORRECTIVE ACTION
4.1 Inspection, Measurement and Monitoring
Expectations:
The company shall have an established, implemented and effective process for inspecting and monitoring the company’s activities and facilities to evaluate the adequacy and effectiveness of the protection programs and for taking corrective and preventive actions if deficiencies are identified. The evaluation shall include compliance with legal requirements.
The company shall have an established, implemented and effective process for evaluating the adequacy and effectiveness of the company’s management system, and for monitoring, measuring and documenting the company’s performance in meeting its obligations to perform its activities in a manner that ensures the safety and security of the public, company employees and the pipeline, and protection of property and the environment.
The company shall have an established, maintained and effective data management system for monitoring and analyzing the trends in hazards, incidents and near-misses. The company shall have documentation and records resulting from the inspection and monitoring activities for its programs.
The company management system shall ensure coordination between its protection programs, and the company should integrate the results of its inspection and monitoring activities with other data in its hazard identification and analysis, risk assessments, performance measures and annual management reviews, to ensure continual improvement in meeting the company’s obligations for safety, security and protection of the environment.
References:
OPR sections 6.1(d), 6.5(1)(g)(s)(u)(v), 56
Assessment:
Governance Inspection, Measurement and Monitoring
The Board requires companies to have an established, implemented and effective process for inspecting and monitoring the company’s activities and facilities to evaluate the adequacy and effectiveness of the protection programs and for taking corrective and preventive actions if deficiencies are identified.
Through staff interviews, and document and record review, the Board found that Enbridge has documented its governance management system inspection, measurement and monitoring practices in its IMS-01 manuals. The IMS documents describe Enbridge’s process for Health Checks, internal reviews, audits and external audits. The Board completed a full review of the Health Checks, internal reviews, audits and external audits as part of its evaluation of Enbridge’s Internal Audits and Quality Assurance Program and has documented them in Sub-element 4.3 Internal Audits, below. The Board has identified deficiencies with the processes and practices that directly relate this sub-element as well. The Board, however, will not assign an additional non-compliance based on that finding within the section. Enbridge’s CAP must include corrective actions that ensure that the processes will address the linked requirements within this sub-element explicitly.
Governance Corrective and Preventive Actions
During the audit, Enbridge indicated that its IMS, section 4.6, Corrective and Preventive Action Management Process defines the minimum standards for administering, tracking and managing corrective and preventive actions through their implementation and resolution. This process applies to Enbridge departments and addresses events, hazards and near-misses. This process includes Health Checks, internal reviews, regulatory inspections, investigation and audits. The documentation provided at the time of the audit does not show that Enbridge’s Corrective and Preventive Action Management Process has been fully implemented. Portions of the process, according to the process map, have only been partially implemented at the IMS level.
The Board notes that the requirement to have a process to take corrective and preventive action is included in many of the sub-elements within the Board’s audit protocol and the OPR. The Board therefore requires the corrective action plan developed to address the deficiencies identified for this sub-element to explicitly include all sub-element and OPR requirements, where corrective and preventive actions are referenced.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Emergency Management Program Inspection, Measurement and Monitoring
As noted elsewhere in this report, the Board has found deficiencies with Enbridge’s governance management system processes for this sub-element. Enbridge did, however, demonstrate that it had implemented processes and practices to undertake inspections and monitor its activities that apply to its Emergency Response program.
During the audit, Enbridge demonstrated that it had routinely undertaken inspections of its emergency response equipment to check its condition and availability. The Board noted that the process observed during its document and record review supported its overall assessment with respect to Enbridge’s lack of a compliant management system process. Interviews with Emergency and Security department personnel and review of emergency documentation indicated that Enbridge did not have defined processes for performing inspections for its Emergency Management Program. Also, Enbridge depended on each region to develop its own local inspection process. The Board’s review of inspections performed in Enbridge’s Western, Central and Eastern Regions indicated that the inspections vary depending on the region, the regional field personnel and Emergency Coordinator involved. While no deficiencies were noted during the Board’s review of the program level practices, the Board notes that a fully established an implemented, compliant governance process should improve the consistency and quality of the practices applied across the regions.
During the audit, Enbridge indicated that its Emergency Exercises serve to monitor and confirm its emergency response planning and capability.
Enbridge indicated that its OMM Book 7, Emergency Response, Subject Number 01-02-03 outlines the company’s standards for developing, delivering and tracking emergency management and security exercises. Review of this and other associated documentation and records in Enbridge’s head office and regions identified that it had established and implemented formal processes and practices to meet its monitoring requirements.
The Board noted that Enbridge had established a 3 year frequency standard for conducting exercises, drills and tests to monitor the adequacy and effectiveness of its planning, incident command, equipment, notification and training among other things.
Enbridge demonstrated that it had established documented standards for developing, delivering and tracking emergency management and security exercises. Enbridge had developed its Exercise Design Guide that provides exercise design and planning direction to its regional staff who are responsible for developing the individual exercises. Enbridge demonstrated that it had established and implemented documented processes and practices that ensure that the exercises are formally evaluated and that learnings and required changes (corrective and preventive actions) are tracked thorough to resolution.
During interviews and through document and records provided during the audit, Enbridge demonstrated that its exercise program and individual exercises are monitored and managed actively by its Emergency and Security departmental staff and all levels of its management structure. As an example, the Board noted that regional managers ensure that the exercises are conducted in accordance with an established Exercise Design Guide and also ensure that the emergency exercises include each of the 15 core components identified in its established PREP Guidelines at least once during each triennial cycle.
The Board attends company exercises as part of its standard compliance verification activities. The Board has attended Enbridge’s exercises, drills and equipment deployments over the last number of years and has had the opportunity to observe Enbridge’s practices. No significant issues were noted during the activity reporting reviewed as part of this audit.
Summary
The Board found that, at the program level, Enbridge had established requirements for inspecting and monitoring its activities and facilities. Enbridge demonstrated that it been conducting inspections relating to its Emergency Management program.
The Board also found that Enbridge’s governance level management system processes for undertaking inspections and for taking corrective and preventive actions did not meet the requirements of the OPR.
The Board found that Enbridge had established and implemented an emergency management exercise program to test and monitor it emergency response planning and capabilities.
Based on the Board’s evaluation of Enbridge’s management system and Emergency Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
4.2 Investigating and Reporting Incidents and Near-misses
Expectations:
The company shall have an established, implemented and effective process for reporting on hazards, potential hazards, incidents and near-misses, and for taking corrective and preventive actions. This should include conducting investigations where required or where hazards, potential hazards, incidents and near-misses have or could have resulted in the safety and security of the public, company employees and the pipeline, and protection of property and the environment, being significantly compromised.
The company shall have an established, maintained and effective data management system for monitoring and analyzing the trends in hazards, incidents and near-misses.
The company should integrate the results of its reporting on hazards, potential hazards, incidents and near-misses with other data in hazard identification and analysis, risk assessments, performance measures and annual management reviews, to ensure continual improvement in meeting the company’s obligations for safety, security and protection of the environment.
References:
OPR sections 6.5(1)(r)(s)(u)(w)(x), 52
Assessment:
Governance Investigating and Reporting Incidents and Near-misses
The Board notes that there is not a specific OPR management system or other process development requirement for investigating incidents or near-misses. The Board, however, considers processes for conducting investigations to be implicit with any process developed to satisfy OPR 6.5(1) (r) and therefore companies must demonstrate how they develop adequate and effective corrective and preventive actions associated with incidents and near-misses.
Enbridge provided its IMS-01 4.10 Event Investigation Processes, and its IMS-01 4.6 Corrective and Preventive Action Management (CAPA) Process in support of it meeting the requirements of OPR 6.5(1)(r). The Board found that Enbridge’s Event investigation Processes were designed in aid of understanding the causes of events from the perspective of root and contributory causes to prevent recurrence within the Enbridge entities to which it is applied. The processes included Event Investigation Principles, Event Impact Criteria and Low and Medium and High Impact Event Investigation Processes. The IMS-01 4.10 processes were documented in detail. Review of the associated process maps indicated that the processes included specific links to the IMS-01, 4.6 CAPA process for assurance of consistent corrective and preventive action development and implementation. Review of the IMS-01, 4.6 CAPA Process is documented below.
The Board noted that the process maps provided to the Board indicated that the processes had not been full established and implemented at the time of the Board’s audit. Regardless of the full implementation of the processes, the Board was able to see evidence of implementation of key investigation process activities within Enbridge’s program level activities in its audit activities.
Governance Corrective and Preventive Actions
During the audit, Enbridge indicated that its IMS, section 4.6, Corrective and Preventive Action Management Process defines the minimum standards for administering, tracking and managing corrective and preventive actions through their implementation and resolution. This process applies to Enbridge departments and addresses events, hazards and near-misses. This process includes Health Checks, internal reviews, regulatory inspections, investigation and audits. The documentation provided at the time of the audit does not show that Enbridge’s Corrective and Preventive Action Management Process has been fully implemented. Portions of the process, according to the process map, have only been partially implemented at the IMS level.
The Board notes that the requirement to have a process to take corrective and preventive action is included in many of the sub-elements within the Board’s audit protocol and the OPR. The Board therefore requires the corrective action plan developed to address the deficiencies identified for this sub-element to explicitly include all sub-element and OPR requirements, where corrective and preventive actions are referenced.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Emergency Management Program Incident Reporting
Enbridge’s Emergency Activation Procedures document defines the company’s requirements for assessing and confirming the level of an emergency in order to activate a tiered response. Enbridge was able to demonstrate the establishment and implementation of this process.
Emergency management programs are intended to address incidents and as such rely on the adequacy of other operational management program reporting and investigation processes. The Board concurrently audited Enbridge’s safety, integrity, environmental, third-party crossings and public awareness programs. No deficiencies related to program level incident reporting and investigations were noted in those audits. The review of each of the program processes is contained within sub-element 4.2 of the individual program’s audit report.
Additionally, Enbridge’s Emergency Activation Procedures document defines the company’s requirements for assessing and confirming the level of an emergency in order to activate a tiered response. Enbridge was able to demonstrate the establishment and implementation of this process.
Summary
As per this and other concurrent operational program audits undertaken by the Board, Enbridge demonstrated it has developed processes for reporting on hazards, potential hazards, incidents and near-misses and conducting investigations as they relate to the Emergency Management program.
The Board also found that, at the governance level, Enbridge’s IMS-01, section 4.10 Event Investigation Processes, dated 11-December 2013 had been documented and included in its Governing Policies and Processes Management System manual and that key activities were being implemented within its programs. These processes were, however, identified as “In Progress” and therefore not established and implemented.
Based on the Board’s evaluation of Enbridge’s management system and Emergency Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
4.3 Internal Audits
Expectations:
The company shall have an established, implemented and effective quality assurance program for its management system and for each protection program, including a process for conducting regular inspections and audits and for taking corrective and preventive actions if deficiencies are identified. The audit process should identify and manage the training and competency requirements for staff carrying out the audits.
The company should integrate the results of its audits with other data in hazard identification and analysis, risk assessment, performance measures and annual management review, to ensure continual improvement in meeting the company’s obligations for safety, security and protection of the environment.
References:
OPR section 6.5(1)(w)(x)
Assessment:
Governance Quality Assurance Program
During the Board’s audit, Enbridge indicated that quality assurance is implicit within a management system, especially within the “Check-Act” elements of the standard “Plan-Do-Check-Act” structure to which it follows. Therefore, Enbridge’s indicated that it met the Board’s requirements to establish and implement a documented Quality Assurance Program by having a documented, appropriately designed management system that incorporates quality assurance activities.
In reviewing Enbridge’s “Check-Act” elements, the Board noted that they do contain a number of activities that would normally be considered quality assurance activities. Examples of these activities are inspections, audits, data trending, monitoring performance measures, etc. Within the limitations of the results of the Board’s audit associated with the various sub-elements, the Board was able to view records of the activities being implemented as required.
The Board has found, however, that Enbridge’s interpretation of Quality Assurance Program is incorrect. The Board has found that Enbridge has not met its expectations with respect to “programs”. The Board has provided clear guidance as part of the guidance notes that accompany the OPR that a program is not simply a description of activities. Programs are: “a documented set of processes and procedures designed to regularly accomplish a result. A program outlines how plans, processes and procedures are linked, and how each one contributes toward the result. Program planning and evaluation are conducted regularly to check that the program is achieving intended results”. The Board’s definition is included in Section 1.0 Audit Terminology and Definitions of the attached audit report.
Governance Internal Audits
Enbridge indicated that its management system includes processes that meet the Board’s auditing process requirements. Enbridge indicated that it accounts for the OPR requirements using a combination of its Health Check and Internal Review processes. While not standard in its approach to conducting audits, the Board reviewed Enbridge’s practice to determine whether it met the OPR requirements. Additionally, Enbridge indicated that the Board should consider the audits completed as part of its Internal Auditing program activities as part of its demonstration of undertaking the required audits.
The Board found through its review of documentation and records associated with the two referenced processes that they did not individually or together constitute a compliant auditing process. The Board found that both processes were specifically designed not to be exhaustive in their reviews of practice, processes or legal requirements. Further, the Internal Review process had not been fully established or implemented at the time of the audit. Enbridge was in the process of confirming the design of the process by conducting a review of one of its internal processes.
As noted, Enbridge provided a description of its Internal Auditing process and activities as well as selected records of completed audits as a demonstration of completing audits. Review of the Internal Audit process indicated that it was a process designed to be implemented based on corporate risk priorities as directed by Enbridge’s senior governance and not a repeatable compliance review process applicable directly to the Board’s requirements. Additionally, the audit records did not demonstrate it had conducted audits compliant with OPR sections 53 or 55.
Additionally, Enbridge indicated that it had conducted a number of internal and 3rd party assessments of its management system against its OPR requirements. Review of the associated records provided by Enbridge indicated that they were evaluations of the alignment of Enbridge’s management systems with the OPR management system and program requirements and did not evaluate the adequacy and effectiveness or compliance of the company practices.
Based on the Board’s review of Enbridge’s audit processes, audit activities completed to date and other linked processes such as those related to legal requirements, Enbridge was unable to demonstrate that it had completed audits consistent with section 53 of OPR. Further, the Board finds Enbridge’s integrated management system process for conducting audits does not meet the Board’s requirements from the perspective of present design and of Enbridge’s interpretation of audits.
As noted above, Enbridge’s Health Check and Internal Review processes have specific design issues that, when evaluated together, do not meet the Board’s audit expectations with respect to comprehensiveness of the required audits. Additionally, the Board finds that Enbridge’s interpretation that the OPR audit requirements can be met using a combination of processes conducted over a number years is incorrect. The Board notes that there is a common understanding that an audit is a discrete verification activity that allows for an assessment of conformance/compliance to be made at a given time. The Board notes that the comprehensive audits it requires necessitates evaluation of systems and programs that require evaluation of linked processes and evaluations of the adequacy and implementation of the system, programs and processes. This requires specific coordination of the reviews in terms of time, processes, programs and regions. Enbridge’s present practices, based on its interpretation of the regulations, do not allow for the required assessments to be made. The Board understands that audits often contain a number of different activities; however, each activity is coordinated within the auditing process and scheduled within the individual plan for the audit.
Auditor Training
This sub-element indicates that a company audit process should identify and manage the training and competency requirements for staff carrying out the audits. Enbridge did not demonstrate that its training and competency activities account for staff implementing its audit related processes. The Corrective Action Plan associated with the Board’s Non-Compliant finding related to Training and Competency and Evaluation as described in sub-element 3.4 above will need to explicitly address this issue.
Governance Corrective and Preventive Actions Process
The Board’s audit process requirements include establishment and implementation of a process for taking corrective and preventive actions to address any deficiencies identified by the audits. As part of its review of the documentation and records provided by Enbridge, the Board reviewed the establishment and implementation Enbridge’s corrective and preventive action process. The Board found that Enbridge had developed a Corrective and Preventive Action (CAPA) Management Process and included it within its IMS governance documentation (IMS-01, section 4.6 Corrective and Preventive Action Management Process). Review of this governance process indicated that it did not meet the Board’s process design requirements as outlined in Section 1.0 Audit Terminology and Definitions section of the attached audit report. For example there are no definitions of corrective or preventive actions or appropriate linkages to or from other management system processes. Additionally, the process map indicated that none of the identified steps had been fully implemented. As well, review of the audit records provided indicated that audits conducted over multiple years and on different regions had made identical findings in each audit. This observation brings into question the design and or implementation of Enbridge’s preventive action development process. Further, review of auditing activity records supplied by Enbridge as part of the review of this sub-element indicated that corrective actions were not being closed-out consistently or as scheduled or within a reasonable length of time.
The Board notes that the requirement to have a process to take corrective and preventive action is included in many of the sub-elements within the Board’s audit protocol and the OPR. The Board therefore requires the corrective action plan developed to address the deficiencies identified for this sub-element to explicitly include all sub-element and OPR requirements, where corrective and preventive actions are referenced.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Emergency Management Program Quality Assurance Program and Internal Audits.
Quality Assurance Program
As noted above, Enbridge was unable to demonstrate that it has an established, implemented and effective quality assurance program for its management system and emergency management program; however, the company did provide examples of completed audit and review activities and did provide an overview of several inspection programs which are being completed on a regular basis. Specific to the emergency management program, response exercises are utilized for testing the emergency response processes and the capabilities of personnel using emergency response equipment.
Additionally, Enbridge’s indicated that its business planning process is a core mechanism for reviewing the effectiveness of its Emergency Management Program. Enbridge demonstrated that its annual business plans are reviewed on a regular basis by senior management that it monitors its performance against its set targets, and its progress in achieving the initiatives. The company identified that corrective actions are taken to address performance issues as necessary.
It was also identified that Enbridge uses the Emergency and Security department dashboard to report on its emergency management program and facilitate improvement. Senior personnel in the Emergency and Security department regularly meet to review metrics against performance expectations, and establish corrective actions as required.
Internal Audits
As noted previously, Enbridge utilizes a combination of its Health Check Process and its Internal Review Process to meet the Board’s OPR requirements. The Board found that this process is deficient; however, the Board reviewed Enbridge’s audit practices and results to determine whether the company was meeting its audit requirements at a program level. During the audit, Enbridge provided documentation and records relating to its program audit practice. Review of the information provided indicated that Enbridge has had several assessments of its Emergency Management Program. The following are some key examples:
- Emergency Response Capabilities Assessment Report completed by the Response Group, December 2012; and
- Canadian Emergency Response Plan Gap Analysis completed by H2Safety Services Inc., September 2013.
The Board also noted that Enbridge’s emergency management program had been subject to an audit. The Board issued Order SO-E101-003-2013 to Enbridge on 10 June 2013. Condition 3 of the Order directed Enbridge to contract an independent third party expert to conduct an audit of it emergency management program. Enbridge was directed to develop and implement a corrective action plan to address any recommendations made by the audit. Enbridge has complied with this request and is in the process of implementing its corrective action plan. Enbridge has therefore met the OPR requirements with respect to conducting an audit of this program as per section 55.
Review of the information provided by Enbridge indicated that it has not completed an audit consistent with the requirements of section 53 of the OPR. The Board notes that this was a finding of the ordered audit to which Enbridge has already developed an approved corrective action plan. The Board will monitor the implementation of that CAP as per its standard compliance verification processes.
Summary
The Board found that Enbridge demonstrated that it is conducting many of the activities that are normally contained within a quality assurance program on a regular basis. The Board also found deficiencies with Enbridge’s Quality Assurance Program from the perspective of definition, design and management.
The Board found that Enbridge had undertaken an audit of the emergency management program consistent with the requirements of section 55 of the OPR. The Board also found that Enbridge had not undertaken an audit consistent with section 53 of the OPR. The Board noted that Enbridge had already developed a Board approved corrective action plan for this issue with a 31 December 2015 completion date.
The Board found deficiencies with respect to the design of Enbridge’s management system audit processes.
The Board found that Enbridge had not established and implemented a management system process for taking corrective and preventive actions at both the management system and program levels that meets the OPR requirements. The Board notes that the requirement to have a process to take corrective and preventive action is included in many of the sub-elements within the Board’s audit protocol and the OPR. The Board therefore requires the corrective action plan developed to address the deficiencies identified for this sub-element to explicitly include all sub-element and OPR requirements, where corrective and preventive actions are referenced.
Based on the Board’s evaluation of Enbridge’s management system and Emergency Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
4.4 Records Management
Expectations:
The company shall have an established, implemented and effective process for generating, retaining, and maintaining records that document the implementation of the management system and its protection programs, and for providing access to those who require them in the course of their duties.
References:
OPR section 6.5(1)(p)
Assessment:
Governance Records Management
During the Board’s audit, Enbridge provided the Board with a copy of its draft governance Records Management Process. The Board’s review indicated that process incorporated its existing practices along with new requirements within it. The Board could not determine the adequacy of the process as some of the referenced Tier 2 and 3 documents were not provided with Enbridge’s submission. As well, the Board did not find that the process was established or implemented as it was considered by Enbridge to be in draft format and staff interviewed did not refer to it as a required process during interviews. The Board found that Enbridge has not established or implemented a management system process the meets the OPR requirements. This lack of a compliant management system process, however, is not indicative of a lack of formal records management within Enbridge.
The Board found that, at the time of the audit, Enbridge managed its records according to its Records Management Policy. Based on this policy Enbridge had developed its Records Retention Schedule and Records Development and Sustainment Standard that further guided its records practices. In reviewing these documents, the Board found that Enbridge has established practices for generating, retaining and maintaining its corporate records.
The Board’s review of Enbridge’s corporate records management practices identified that the company’s Records Management department is responsible for developing and maintaining the company’s records management requirements and recommended processes, and that its individual department managers are responsible for maintaining and implementing processes and practices at the department level. Department managers develop, maintain and implement departmental records procedures that are aligned with the company’s records management requirements. During its audit the Board found that the established requirements and practices were being implemented on a consistent basis and that the existing requirements were incorporated into the draft Records Management Process.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Emergency Management Program Records Management
The Board identified that, in addition to Enbridge’s corporate record management practices, the Emergency and Security department has developed additional requirements applicable to some of its emergency management activities. During the audit, Enbridge indicated that OMM, Book 7 outlines the company’s requirements for ensuring that it maintains complete and accurate documentation of its emergency response activities. Review of this documentation indicated that it included a number of types of records that need to be retained. Key examples of records requiring specific retention practices included:
- level 2 emergency documentation;
- level 3 emergency documentation;
- photographs; and
- records of environmental protection, wildlife and negotiations.
The Board identified that Enbridge’s emergency response exercises are tracked through an electronic on-line system that can be used to retain the exercise records including lessons learned and track the implementation of corrective actions.
A review of records related to Enbridge’s Emergency Management program at several locations indicated that record storage and retention practices varied. Interviews confirmed that the company did not have formal procedures for retaining Emergency Management program records within the regions. The Board, therefore, found that Enbridge’s program level records processes had not been established and implemented in a manner consistent with the OPR requirements.
Summary
The Board found that Enbridge had developed a draft governance Records Management Process as part of it Integrated Management System. The Board also found that, due to the draft nature of the process and the lack of Tier 2 and 3 documentation provided during the audit, Enbridge did not demonstrate that it has established and implemented a management system process that meets the OPR requirements.
The Board also found that Enbridge had implemented a consistent records management practice for application across its organization.
Enbridge demonstrated that it had developed program specific record management practices for application within in Emergency Management program; however, the Board found deficiencies with respect to design and implementation.
Based on the Board’s evaluation of Enbridge’s management system and Emergency Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
5.0 Management Review
5.1 Management Review
Expectations:
The company shall have an established, implemented and effective process for conducting an annual management review of the management system and each protection program and for ensuring continual improvement in meeting the company’s obligations to perform its activities in a manner that ensures the safety and security of the public, company employees and the pipeline, and protection of property and the environment. The management review should include a review of any decisions, actions and commitments which relate to the improvement of the management system and protection programs, and the company’s overall performance.
The company shall complete an annual report for the previous calendar year, signed by the accountable officer, that describes the performance of the company’s management system in meeting its obligations for safety, security and protection of the environment and the company’s achievement of its goals, objectives and targets during that year, as measured by the performance measures developed under the management system and any actions taken during that year to correct deficiencies identified by the quality assurance program. The company shall submit to the Board a statement, signed by the accountable officer, no later than April 30 of each year, indicating that it has completed its annual report.
References:
OPR sections 6.5(1)(w),(x), 6.6
Assessment:
(The sub-element is attributed to companies’ senior management and Accountable Officer; therefore, the Board does not break up its review into governance and program levels).
Annual Management Reviews
IMS-01, section 4.3 outlines the Management System Review Process for ensuring that each management system, including IMS-07, is reviewed annually to confirm that the desired results are being achieved.
The Board reviewed the 2012 Management Review Report and it demonstrated that Enbridge assesses its Emergency Management Program activities, results and completed improvements. The reports also included a list of planned improvements. Enbridge indicated that an additional process, PC-1801, Accountable Officer Report Development Process, is also used to evaluate the management system. The output of the PC-1801 process is the Annual Report.
Upon reviewing of Enbridge’s processes and records supporting implementation of an annual management review, the Board noted the following:
- IMS-01, Management System Review Process is not fully established; as defined by Enbridge standards, all process steps were considered aspirational;
- PC-1801, Accountable Officer Report Development Process is not referenced or inferred in IMS-01 or IMS-09, and thus is not integrated into Enbridge’s management system;
- PC-1801, Accountable Officer Report Development Process is not established as per the Board’s working definition (approval date on the document is 21 October 2014); and
- While certain tasks are being reviewed by practice or by exception, the IMS-09 annual review process does not include a review of the implementation of the Integrity Management Program at the operations level.
Based on the Board’s evaluation of Enbridge’s management system and Emergency Management program against the requirements, the Board has determined that Enbridge has not established and implemented a process for conducting an annual review of its management system and protection program. Enbridge will have to develop corrective actions to address the described deficiencies.
Adequacy and Effectiveness of the Management System
While the Board has listed this requirement under sub-element 4.1 of the Protocol, Enbridge indicated during the audit that its IMS-01, Management System Review Process is also used to evaluate the adequacy and effectiveness of the company’s management system. When reviewing the content of this governance process, Enbridge indicated that each process within the management system is reviewed to ensure effectiveness.
Enbridge has developed an additional process, PC-1701, Management System Evaluation Process. The PC-1701 process includes an evaluation of the adequacy and effectiveness of the overall management system. Records provided to demonstrate implementation of these processes include:
- 2013 Internal Management System Alignment Assessment; and
- 3rd Party Assessment (Dynamic Risk) completed in 2013.
Upon review of the various processes and records supporting the implementation of a process for evaluating the adequacy and effectiveness of the company’s management system, the Board noted the following:
- IMS-01, Management System Review Process is not fully established; as defined by Enbridge standards, all process steps were considered aspirational;
- IMS-01, Management Review Process does not include an evaluation of the adequacy of the management system;
- PC-1701, Management System Evaluation Process is not referenced or inferred in IMS-01 or IMS-09, and thus is not integrated into Enbridge’s management system;
- Internal Management System Alignment Assessment describes assessing adequacy, effectiveness and implementation of processes, but it is based on the OPR requirements and not an evaluation of Enbridge’s management system as designed;
- 3rd Party Assessment (Dynamic Risk) is strictly an alignment/compliance assessment to the OPR 6.1-6.6 requirements and does not attest to the adequacy or effectiveness of Enbridge’s management system (IMS 01 et al).
Based on the Board’s evaluation of Enbridge’s management system and Emergency Management program against the requirements, the Board has determined that Enbridge has not established and implemented a process for evaluating the adequacy and effectiveness of the management system. Enbridge will have to develop corrective actions to address the described deficiencies.
Annual Report
Enbridge develops an Annual Accountable Officer Report that describes the performance of the company’s management system in meeting its obligations for safety, security and protection of the environment. The report also describes the company’s performance in achieving its goals, objectives and targets during that year. The company’s performance is evaluated against the performance measures developed under the management system and any actions taken that year to correct deficiencies identified by the quality assurance program. The PC-1801, Accountable Officer Report Development Process describes the required process for developing the Annual Accountable Officer Report. According to this process, the Annual Accountable Officer Report must “detail the performance of Enbridge LP management system and will cover areas of leadership, performance measures, internal review, management review and corrective actions taken.” The report must also include details about achievement of goals, objectives and targets during that year as assessed through performance measures.
According to the PC-1801, Accountable Officer Report Development Process, Enbridge must complete its Annual Accountable Officer Report, have it signed by the accountable officer, and submit it to the Board no later than April 30 of each year. The Board confirmed that the Annual Accountable Officer Report for the 2013 performance year was signed by the accountable officer and submitted to the Board by April 30, 2014.
Upon review of the Annual Report, the Board noted that the report does reference some internal and external reviews conducted on the management system. The Annual Report also includes a section that describes the actions taken that year to address deficiencies. However, Enbridge’s Annual Report does not specify the deficiencies and actions items, and does not focus on the development and status of the management system. While it is important to communicate this information to the accountable officer, it is not fully representative of the Board’s Quality Assurance program requirement (see sub-element 4.3). Thus, it is unclear whether the accountable officer is aware of the actions taken that year to address deficiencies identified by the Quality Assurance program. The Board also noted that the deficiencies identified in sub-elements 1.2 and 2.3 will need to be addressed in future annual reports.
Management Responsibility
Further to the review of these processes and activities, the Board notes that Enbridge has not conducted compliance audits consistent with its OPR obligations. The Board views the responsibility for undertaking these audits as resting with the company’s senior management (as represented by its Accountable Officer) as the annual report developed as per OPR specifically requires review and reporting on aspects of the Quality Assurance program (specifically including audits) and performance of the management system in meeting its obligations under OPR section 6. Additionally, the Board has made Non-Compliant findings related Sub-elements 1.2 Policy and Commitment Statements and 2.3 Goals, Objectives and Targets that relate to the development of explicit policies and goals required by the OPR. While the Board’s Non-Compliant findings are mitigated by the nature of the deficiencies (implicit inclusion vs. explicit requirements with respect to policies) and the existing, Board approved corrective action plan with respect to the compliance audits, it is the responsibility of company management to ensure the development and implementation of compliant policies and goals that guide the company’s management system and programs.
Summary
The Board found that Enbridge had developed processes for and undertaken activities relating to its Management Review responsibilities.
The Board also found that Enbridge’s processes did not meet all of the requirements outlined in the OPR.
The Board has found that Enbridge has not conducted audits consistent with the requirements of OPR section 53; however, Enbridge has developed a Board approved corrective action plan to address this issue.
The Board also found that some of the Non-Compliant findings in this audit are related to sub-elements where Enbridge’s Senior Management have responsibilities to ensure that management direction, oversight and formal monitoring are occurring.
Based on the Board’s evaluation of Enbridge’s management system and Emergency Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
- Date modified: