ARCHIVED - National Energy Board Onshore Pipeline Regulations (OPR) - Final Audit Report of the Enbridge Pipelines Inc. Safety Management Program - Appendix I - Safety Management Program Audit Evaluation Table
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Appendix I
Safety Management Program Audit Evaluation TableFootnote i
Table of Contents
- 1.0 Policy and Commitment
- 2.0 Planning
- 3.0 Implementation
- 4.0 Checking and Corrective Action
- 5.0 Management Review
1.0 POLICY AND COMMITMENT
1.1 Leadership Accountability
Expectations:
The company shall have an accountable officer appointed who has the appropriate authority over the company’s human and financial resources required to establish, implement and maintain its management system and protection programs, and to ensure that the company meets its obligations for safety, security and protection of the environment. The company shall have notified the Audit Team of the identity of the accountable officer within 30 days of the appointment and ensure that the accountable officer submits a signed statement to the Audit Team accepting the responsibilities of their position.
References:
OPR section 6.2
Assessment:
Accountable Officer
The Board requires the company to appoint an accountable officer. The accountable officer must be given appropriate authority over the company’s human and financial resources for ensuring that the company meets its obligations for safety, security and protection of the environment.
On 31 March 2014, Enbridge submitted written notice to the Board indicating that its President, Guy Jarvis, had been appointed as the accountable officer for Enbridge Pipelines Inc. and all of its subsidiaries regulated by the Board. In its submission, Enbridge confirmed that its accountable officer has the authority over the human and financial resources required to meet the Board’s substantive expectations.
Summary
Based on the Board’s evaluation of Enbridge’s management system and Safety Management program against the requirements, the Board has not found any issues of Non-Compliance. The Board has determined that Enbridge is Compliant with this sub-element.
Compliance Status: Compliant
1.2 Policy and Commitment Statements
Expectations:
The company shall have documented policies and goals intended to ensure activities are conducted in a manner that ensures the safety and security of the public, workers, the pipeline, and protection of property and the environment. The company shall base its management system and protection programs on those policies and goals. The company shall include goals for the prevention of ruptures, liquids and gas releases, fatalities and injuries and for the response to incidents and emergency situations.
The company shall have a policy for the internal reporting of hazards, potential hazards, incidents and near-misses that includes the conditions under which a person who makes a report will be granted immunity from disciplinary action.
The company’s accountable officer shall prepare a policy statement that sets out the company’s commitment to these policies and goals and shall communicate that statement to the company’s employees.
References:
OPR section 6.3
Assessment:
Governance Level Policies and Goals and Commitment Statement
The Board requires the company to document its policies and goals for ensuring its activities are conducted in a manner that ensures the safety and security of the public, workers and pipeline, and the protection of property and the environment.
The NEB OPR does not include any specific management system process requirements for developing policies and goals. However, Enbridge has established clear management system guidance with respect to its process for developing policies and goals. At a governance level, Enbridge’s IMS-01, Governance Documentation outlines the company’s expectations for documenting key corporate policies, such as the Strategic and Business Planning Processes. The Governance Documentation also explains the company’s “Planning Cascade” and associated documentation. This Planning Cascade document explains how the company links its policies and corporate vision to its performance targets and metrics. The practices described within the Governance Documentation process align with the Board’s requirements for establishing policies, goals, objectives, targets and performance measures. While not an absolute alignment between the Board’s requirements and Enbridge’s internal processes it does reflect integration of the Board’s requirements into Enbridge’s business management practices.
(Note: While “goals” are included in this sub-element’s description, for clarity and organization, the review of goals is documented in sub-element 2.3 Goals, Objectives, Targets, below)
Governance Policy
Enbridge’s IMS-01, section 4.2.1, Strategy and Objectives Development Process describes the company’s process for establishing objectives, setting targets, and maintaining a dashboard of scorecard metrics. The executive management team uses the Strategy and Objectives Development Process to direct department priorities and activities. Section 4.3.2, Scorecard and section 4.3.4, Dashboard Reporting Process define the departmental processes for monitoring and measuring its performance against the Liquids Pipelines Business Plan and Enbridge targets.
Governance Commitment Statement
With respect to the OPR requirements relating to developing “a policy statement that sets out the company’s commitment to these policies and goals and shall communicate that statement to the company’s employees”, the Board identified that Enbridge’s IMS-01 included a compliant statement signed by the company’s Accountable Officer. The Board noted that this statement had not been updated in the documents it received at the time of the audit. The Board notes, however, that the documents were provided to the Board before the company notified the Board of its new Accountable Officer. Therefore, the Board will not be making a Non-Compliant finding based on this lack of endorsement.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Safety Management Program Policy and Commitment Review
General Health and Safety Policy
Enbridge provided its Safety Policy dated 14 April 2014. At the time of the audit, the company had distributed hard copies of this policy throughout the areas the Board visited.
The Safety Policy documented that “Safety is a core value at Enbridge and these principles serve as the basis for guiding our decisions and actions”. Interviews and interactions with Enbridge staff during the audit confirmed integration of the policy and direction throughout the organization. The review identified that as part of Enbridge’s overall safety management strategy it had developed six key health and safety principles. They are:
- All injuries, incidents, and occupational illnesses can be prevented;
- All operating exposures can be controlled;
- Management is accountable for safety performance;
- All employees and contractors are responsible for safety;
- Assessment and improvement are a must; and
- We promote off-the-job safety and health of our employees 24/7.”
Hazard Reporting and Immunity from Disciplinary Action Policies
The OPR contains specific policy requirements with respect to internal reporting of hazards, potential hazards, incidents and near-misses that includes the conditions under which a person who makes a report will be granted immunity from disciplinary action. The Board expects this policy to be explicit in its design and communication and be easily visible to all staff.
In its demonstration of compliance with these OPR requirements, the Board was provided a number of internal documents that describe Enbridge’s expectations with respect to the required policy. The documents provided included its IMS-01: Governing Policies and Processes, its IMS-02: Compliance and Ethics Management System, its Compliance Policy, its Statement of Business Conduct and numerous Tier 2 and 3 documents. The Board reviewed the documents and noted the following:
Enbridge’s IMS-01, Governing Policies and Processes Management System was released on 1 January 2014. This document is the foundation for Enbridge’s corporate and program management systems development and management. The Compliance Assurance section in IMS-01 states that “management will provide an open and confidential method for the Workforce to report Non-Compliant, unethical or unlawful behaviour, without fear of retaliation.”
Section 1.4.3 of IMS-02 Compliance and Ethics Management System, states that “The Enbridge Workforce will report to their supervisor situations and acts they suspect could reveal or lead to an Event affecting Enbridge. No retaliatory action will be taken against any Workforce member raising Events in good faith. Raising Events will be held confidential, in accordance with legal requirements.” Further, IMS-02, section 1.5 states that “Events will be reported without fear of retaliation to ensure Corrective and Preventative Action.”
Enbridge has posted the Compliance Policy for its Liquids Pipeline division on its e-link intranet site. This policy says that employees are accountable to “comply with all applicable laws, regulations and other legal requirements.” According to this policy, employees are expected to “immediately report any new or suspected material compliance issue to their leader.” The policy also says that “in reporting any new or suspected compliance issues all employees will be treated in accordance with Enbridge’s non-retaliation principles set out in Enbridge’s Statement on Business Conduct.”
The Statement of Business Conduct applies to all employees and contract staff in the Enbridge group of companies. The statement includes Enbridge’s non-retaliation policy. It includes the assertion that “no retaliatory action will be taken against an employee or contractor for providing good faith information either internally or to a government authority, or for participating in any proceeding concerning alleged violations of any laws of policies. Disciplinary measures may be taken against an employee or contractor if they participated in the activity, even if they reported it.”
Review of the supplied information identified that the Enbridge policies did not explicitly include reporting of hazards and potential hazards. The policies also did not explicitly identify the conditions under which a person who makes such a report will be granted immunity as part of the reporting policy. Further, Enbridge limited its non-reprisal statements to issues relating to compliance or unethical behavior. The Board notes that the policies are intended to be explicit with respect to reporting and what to report in order to, not only encourage reporting but also to clearly identify what to report. Enbridge’s statements would require interpretation prior to reporting thus potentially slowing down hazard management and mitigation. Also, as hazards and potential hazards are not necessarily violations of law or the result of unethical behaviour, the Board has determined that the policies or statements provided did not meet the OPR requirements. Further, the Board finds that Enbridge did not communicate the policy requirements in a manner acceptable to the Board. The Board found that many parts of the requirements were located in intranet documentation or in Tier 2 and 3 documents. The Board considers that the required policy should be part of the corporate policy and be communicated explicitly as such.
Summary
The Board found that Enbridge has developed and communicated Health and Safety policies applicable to its activities that had been communicated and integrated within the company’s activities.
The Board found that Enbridge has established clear management system guidance with respect to its process for developing policies and goals.
The Board found that Enbridge has developed a policy statement that sets out the company’s commitment to these general policies and goals and has communicated the its employees
The Board also found that Enbridge has not established an explicit policy with respect to internal reporting of hazards, potential hazards, incidents and near-misses that includes the conditions under which a person who makes a report will be granted immunity from disciplinary action that meets the Board’s requirements.
Based on the Board’s evaluation of Enbridge’s management system and Safety Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
2.0 PLANNING
2.1 Hazard Identification, Risk Assessment and ControlFootnote 1
Expectations:
The company shall have an established, implemented and effective process for identifying and analyzing all hazards and potential hazards. The company shall establish and maintain an inventory of hazards and potential hazards. The company shall have an established, implemented and effective process for evaluating the risks associated with these hazards, including the risks related to normal and abnormal operating conditions. As part of its formal risk assessment, a company shall keep records to demonstrate the implementation of the hazard identification and risk assessment processes.
The company shall have an established, implemented and effective process for the internal reporting of hazards, potential hazards, incidents and near-misses, and for taking corrective and preventive actions, including the steps to manage imminent hazards. The company shall have and maintain a data management system for monitoring and analyzing the trends in hazards, incidents, and near-misses.
The company shall have an established, implemented and effective process for developing and implementing controls to prevent, manage and mitigate the identified hazards and risks. The company shall communicate those controls to anyone exposed to the risks.
References:
OPR section 6.5(1)(c), (d), (e), (f), (r), (s)
Assessment:
Governance Level Hazards and Potential Hazards Identification
At a governance level, Enbridge’s IMS-01, section 4.3, Risk Management Process describes the company’s process for identifying hazards, assessing risks and developing and implementing controls. The process includes written descriptions and the steps required for identifying hazards, assessing risks, planning risk responses, monitoring, reviewing and reporting risks. At a high level, the risk management steps identified in Enbridge’s Risk Management Process correspond to the legal requirements of this sub-element. However, in its review of this process, the Board noted deficiencies in the design and implementation of this process.
Enbridge’s Risk Management Process outlines broad, inter-related requirements and commitments; however, it does not meet the Board’s process requirements as outlined in Section 1.0 Audit Terminology and Definitions of the Board’s attached Audit Report.
Governance: Hazard vs Risk
In the governance Risk Management Process and related practices, Enbridge uses the terms “risk” and “hazard” interchangeably; this is inconsistent with the Canada Labour Code and the OPR and common practice definition or use of the terms. The Board has provided the following definition of hazard and risk in the past. Hazard: Source or situation with a potential for harm in terms of injury, ill health, damage to property, damage to workplace and environment, or a combination of these. Risk: Combination of the likelihood and consequence(s) of a specified hazardous event occurring.
Although the Board reviewed Enbridge’s program with this terminology issue in mind, the discrepancy has led to some gaps being identified in the overall Risk Management Process.
Governance Hazards Inventory
Enbridge’s governance Risk Management Process requires that each sub-ordinate management system develop risk registers which is non-compliant with the requirements of OPR both in name and intent. The Board requires companies to develop an inventory of identified hazards and potential hazards.
Governance Risk Evaluation
Enbridge’s governance Risk Management Process includes a risk evaluation practice within it. The Board reviewed Enbridge’s Risk Evaluation practice. The method used to evaluate the risk of hazards (Enbridge - risks) was fully developed and appropriate if it was implemented as designed. The Board’s audit also assessed the implementation of the risk evaluation process. This assessment determined that, while it was being implemented consistently across all of Enbridge’s programs, it was being utilized in a manner inconsistent with OPR requirements. Through interviews and document and record reviews, it was determined that Enbridge was implementing a practice whereby it applies the risk evaluation process to risks (hazards) taking into consideration the controls that may apply to the risk prior to the assessment. The result of this practice would be the identification of “residual” risk and assumes that the controls are directly applicable and appropriate to the hazard and that the control is being implemented fully on a consistent basis. The OPR process indicates that the risk evaluation should be applied directly to the hazard. This will determine “inherent” risk. This allows companies to fully identify the significance of the hazard and appropriately communicate, establish and implement controls and monitor it as required in the OPR.
In evaluating the establishment and implementation of the Enbridge’s Risk Management Process, the Risk Management Process Map provided in IMS-01 section 4.3, was noted to contain process steps that were colour-coded red and yellow. According to Enbridge, yellow colour coding indicates that the activities required to execute the process step are not adequately documented or not fully implemented in a consistent manner. Red colour coding indicates that the process step is aspirational and is not being executed by the organization. Several process steps within the Risk Management Process Map were colour coded red yet are regulated requirements within the overall Risk Management Process. For example, process step 16 - “identify, assess and prioritize risks” is a process step that is required to meet the requirements of OPR section 6.5(1)(e.). The Board has previously communicated that it recognizes aspirational practices as part of sound continual improvement practices. If a company clearly demonstrates that its practices are above the legal requirements and proactively communicates them as such within its overall programs, the Board will not find them non-compliant with OPR section 4.
Governance Developing and Implementing Controls
The Board also reviewed Enbridge’s governance process for developing and implementing controls to prevent, manage and mitigate the identified hazards and risks. The Board found that Enbridge’s process did not meet the Board’s requirements with respect to the design of a process. As well, the Board was unable to see evidence of clear requirements and directions for considering and applying the hierarchy of controls when developing controls.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Safety Management Hazard Identification, Risk Assessment and Control
Regardless of the adequacy of Enbridge’s corporate governance MS process, the Board’s audit found that, at a departmental and operational level, Enbridge has developed and implemented practices and controls that have identified and mitigated the majority and most significant of its Health and Safety hazards and risks.
The Board notes that Enbridge has a lengthy operating history and therefore has identified most of the hazards, risks and needed controls within its legacy documentation. The Board therefore found that Enbridge’s hazard identification and risk assessment practices for this program primarily rely on front line or field level practices. During the audit, Enbridge provided its Operations and Maintenance Manuals (OMMs) that supported its activities and practices.
Review of the documentation and interviews with staff were conducted to evaluate Enbridge’s documentation and practices. Based on this review the Board found that Enbridge’s documents described the processes and practices for identifying hazards, assessing risk and applying controls. The Board identified that the documents and associated practices were focused on the work site and the worker. The Board note that this practice helps manage the hazards on the worksite and is an appropriate last line of defense in hazard mitigation; however, it is not consistent with the application of the required hierarchy of controls.
The Board identified that Enbridge management and workers are required to attend formal training programs on worksite hazard identification, risk management and hazard controls. During interviews and inspections at Enbridge sites the Board noted that the practices described in Enbridge’s documentation were known and understood throughout all the Enbridge operating regions. Further, record review identified that changes to the requirements were being communicated to staff through Enbridge’s intranet and at regular, scheduled regional safety and management meetings.
The Board’s audit included a specific review of Enbridge’s management of high risk or hazard activities. The Board reviewed Enbridge’s Hazard Summary and Risk Registry for the company’s operational departments that manage such activities. The Occupational Health and Safety Hazards included in the documents demonstrated an ‘all-hazards and potential hazards approach using processes described in their Operations Maintenance Manuals and various front line/ facility hazard identification practices. A comprehensive list of risks was provided for review. Review of the documentation indicated that the risks had been assessed and prioritized and that a general description of the associated controls presently available had been incorporated into the documentation.
Internal Reporting
During the audit, Enbridge provided documentation and records to demonstrate its internal reporting practices with respect to this sub-element at the program level. Based on the review of the supplied documentation and records and interviews with staff and subject to the deficiencies noted in the Policy and Commitment Statements sub-element above, the Board did not identify any additional deficiencies.
Data Management System
Enbridge identified that it used a corporately managed database system called EnCompass for monitoring and analyzing trends identified in safety incidents and near-misses. It was noted that the database included identification causal and other factors used to analyze the content. EnCompass is managed and maintained at the corporate level. While EnCompass was identified as the corporate data management system, The Board noted that regional operations augment this system with less formal practices to monitor hazards identified by regional inspections and safety observations.
Summary
The Board found that Enbridge has developed a governance management system process for identifying, evaluating and managing its hazards and risks; however, the Board also found that this governance level management system process did not meet the OPR requirements.
The Board found that Enbridge had developed and implemented many practices for identifying, evaluating and managing its occupational health and safety hazards and risks at the program level.
The Board also found that the program level processes, as designed and applied, do not allow for the application of the required hierarchy of controls.
The Board found that at a program level Enbridge had listed the majority and most significant of its health and safety hazards; however, the process for developing list of hazards and potential hazards within risk registers, as described in the governance management system processes, did not meet the OPR requirements.
The Board found that Enbridge had established and was maintaining a data management system for monitoring and analyzing the trends in hazards, incidents, and near-misses.
Based on the Board’s evaluation of Enbridge’s management system and Safety Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
2.2 Legal Requirements
Expectations:
The company shall have an established, implemented and effective process for identifying and monitoring compliance with all legal requirements that are applicable to the company in matters of safety, security and protection of the environment. The company shall have and maintain a list of those legal requirements. The company shall have a documented process to identify and resolve non-compliances as they relate to legal requirements, which includes updating the management and protection programs as required.
References:
OPR section 6.5(1)(g), (h), (i)
Assessment:
Governance: Identifying Legal Requirements
At a governance level, Enbridge’s IMS-01, Governing Policy and Process Management System and IMS-02, Compliance and Ethics Management System describe the company’s processes for identifying and monitoring its compliance with legal requirements. The IMS-02, Compliance and Ethics Management System, section 4.5.1 indicates that the company is required to develop a master corporate compliance register and departmental compliance registers. The compliance registers link to the company’s verification processes, which are described in IMS-01, section 4.4, Health Checks and IMS-01, section 4.5, Internal Reviews. IMS-02, section 5.2, Performance Measurement and Management describes the company’s governance processes for measuring and monitoring its compliance.
The OPR requires a company to establish and implement a process to identify its legal requirements and establish and maintain a legal list of the identified requirements. IMS-02 section 4.5.1 outlines Enbridge’s processes for identifying its legal requirements and outlines requirements to develop master and departmental compliance registers. Review of this process indicated that it aligns with the OPR process requirements for identifying legal requirements and establishing and maintaining a legal list. Review of the process as documented identified that, by description it should lead to a compliant process. For example the process includes steps requiring monitoring of legal changes, updating compliance registers, etc. It also establishes roles and responsibilities. However, the Board’s audit of this process identified that it was limited to description of the requirements and did not meet the Board’s management system process requirements. Further, the process does not require the development of a single legal list. The process includes requirements to develop a master compliance register; however, this register specifically excludes certain requirements such as in orders and permits. These are to be tracked in individual departmental compliance registers.
The Board also reviewed the linked compliance verification processes that Enbridge indicated were used to monitor compliance. The Board’s review indicated that some of the processes are not designed to meet the Board’s requirements. For example, both the Health Check and Internal Review processes are specifically not expected to be comprehensive with respect to evaluating departmental or management functions or departmental or project performance. Additionally, as described in the Internal Audit sub-element 4.3 below, the Internal Review process has not been established and implemented at the time of the audit and Health Checks appear to be limited to reviewing the existing identified requirements that have been integrated within its existing processes and practices.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Safety Management Program Legal Requirements
The Board found that, at the departmental level, Enbridge had not fully implemented all of its corporately mandated governance process requirements. The Board, however, also identified that Enbridge has accounted for the majority, of its health and safety legal requirements, including the Canada Labour Coded (CLC), within its individual operating procedures. This was determined to be part of Enbridge’s documented OMM procedure design and management requirements.
Enbridge identified that the legal requirements were being monitored and reviewed during its document management process and Health Checks. The Board reviewed these documents and associated records during its audit. The Board found that Enbridge had been implementing the practices as designed. The Board also identified deficiencies with respect to the practices employed. The Board found that this practice limits monitoring compliance to only those requirements already included within the individual procedures. Further, the Health Check system is specifically designed not to be applied comprehensively; therefore, a full program level, legal review is not required or undertaken by process.
With respect to the OPR requirements to establish and maintain a list of legal requirements, the Board found that the practices employed by Enbridge at the program level do not meet the requirements as a single, comprehensive list was not observed or required.
The Board noted a particular example where Enbridge’s failure to identify and incorporate legal requirements into the development of controls resulted in inadequately designed and incomplete training programs.
Enbridge has a Violence in the Workplace (VIW) Policy in place as required by the Canada Occupational Health and Safety Regulations (COSHR) Part XX. Enbridge also demonstrated that it has established some VIW related training such as Respectful Workplace and has introduced reporting mechanisms to document defined internal violence events. The Board noted during interviews with Enbridge staff; however, that its field staff from across the system reported instances of being threatened by hostile third parties and the public while conducting various work tasks. These field staff and contractors indicated that they were neither trained for nor aware of any procedure for identifying, formally reporting or addressing aggressive behavior. The Enbridge employees and workers reported that they were not aware that VIW included events of violence from external parties.
The Board notes that Violence Prevention in the Workplace has been a requirement of the COSHR since 2009. Further, based on the deficiencies noted within this sub-element, the Board is of the opinion that a full, detailed, process based examination of the legal requirements would have led to a compliant practice that would lead to increased safety of employees and workers.
In order to ensure timely resolution of this deficiency, the Board’s auditors informed the NEB’s Regional Safety Officer (RSO) of the issue. The RSO received an Assurance of Voluntary Compliance (AVC) from Enbridge to be resolved outside of the audit process. The AVC included the requirement for the development of interim measures including procedures and training for field staff who could encounter hostility from external parties during the performance of their duties. The NEB will continue to monitor the development and implementation of the Violence in the Workplace Program to verify that it is designed and implemented in accordance with the all of the requirements of the COSHR Part XX.
Summary
The Board found that Enbridge had developed a number of governance and program level processes and practices for identifying and monitoring its legal requirements that had accounted for the majority of its legal requirements within its health and safety program.
The Board also found that Enbridge’s governance management system processes did not meet the OPR requirements with respect to process design and implementation.
The Board found that Enbridge had not established and maintained the legal list as required by the OPR.
Based on the Board’s evaluation of Enbridge’s management system and Safety Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
2.3 Goals, Objectives and Targets
Expectations:
The company shall have an established, implemented and effective process for developing and setting goals, objectives and specific targets relevant to the risks and hazards associated with the company’s facilities and activities (i.e., construction, operation and maintenance). The company’s process for setting objectives and specific targets shall ensure that the objectives and targets are those required to achieve its goals, and shall ensure that the objectives and targets are reviewed annually.
The company shall include goals for the prevention of ruptures, liquid and gas releases, fatalities and injuries, and for the response to incidents and emergency situations. The company’s goals shall be communicated to employees.
The company shall develop performance measures for assessing the company’s success in achieving its goals, objectives, and targets. The company shall annually review its performance in achieving its goals, objectives and targets and the performance of its management system. The company shall document the annual review of its performance, including the actions taken during the year to correct any deficiencies identified in its quality assurance program, in an annual report, signed by the accountable officer.
References:
OPR sections 6.3, 6.5(1)(a), (b), 6.6
Assessment:
Governance: Goals, Objectives and Targets for Risks and Hazards
The OPR does not include any specific management system process requirements for developing policies and goals. However, Enbridge has established clear management system guidance with respect to its process for developing policies and goals. At a governance level, Enbridge’s IMS-01, Governance Documentation outlines the company’s expectations for documenting key corporate policies, such as the Strategic and Business Planning Processes. The Governance Documentation also explains the company’s “Planning Cascade” and associated documentation. This Planning Cascade document explains how the company links its policies and corporate vision to its performance targets and metrics. The practices described within the Governance Documentation process align with the Board’s requirements for establishing policies, goals, objectives, targets and performance measures. While not an absolute alignment between the Board’s requirements and Enbridge’s internal processes it does reflect integration of the Board’s requirements into Enbridge’s business management practices.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Safety Management Program Goals, Objectives and Targets for Risks and Hazards
At the program level, Enbridge is aligned with its corporate requirements, and has developed the required health and safety program strategic processes and practices. Further, the Board found that Enbridge had developed goals for preventing fatalities and injuries. These would be the specific OPR goals that would normally be accounted for within any safety management program audit conducted by the Board.
Summary
Based on the Board’s evaluation of Enbridge’s management system and Safety Management program against the requirements, the Board did not find any non-compliance issues. The Board has determined that Enbridge is Compliant with this sub-element.
Compliance Status: Compliant
2.4 Organizational Structure, Roles and Responsibilities
Expectations:
The company shall have a documented organizational structure that enables it to meet the requirements of its management system and its obligations to carry out activities in a manner that ensures the safety and security of the public, company employees and the pipeline, and protection of property and the environment. The documented structure shall enable the company to determine and communicate the roles, responsibilities and authority of the officers and employees at all levels. The company shall document contractors’ responsibilities in its construction and maintenance safety manuals.
The documented organizational structure shall also enable the company to demonstrate that the human resources allocated to establishing, implementing and maintaining the management system are sufficient to meet the requirements of the management system and to meet the company’s obligations to design, construct, operate or abandon its facilities to ensure the safety and security of the public and the company’s employees, and the protection of property and the environment. The company shall complete an annual documented evaluation in order to demonstrate adequate human resourcing to meet these obligations.
References:
OPR sections 6.4, 20, 31
Assessment:
Governance Organizational Structure and Roles and Responsibilities
At a governance level, Enbridge demonstrated that it has a single, over-arching management system process that describes the organizational structure and responsibilities for the ongoing development and implementation of its management system. The IMS documents defined the roles and responsibilities regarding occupational health and safety of all employees and contractors.
The governance management system documents indicated that Enbridge’s executive management was responsible for upholding the management system policies, process, standards and requirements. They were also responsible for ensuring that appropriate resources are available to monitor compliance and implement continuous improvement of the management system. Further the documentation identified that the responsibility of Enbridge’s President include allocating the resources necessary for management system compliance.
Governance Annual Evaluation of Resource Need
Enbridge demonstrated that it has developed a number of corporately required or supported mechanisms for evaluating its resourcing needs.
Enbridge did not, however, provide specific documentation and records to demonstrate it evaluates the need for human resources allocated to establishing, implementing and maintaining its management system and explicitly meeting its OPR section 6 obligations at a corporate or program level.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Safety Management Program Organizational Structure and Roles and Responsibilities
During the audit Enbridge indicated that the management system owner for Occupational Health and Safety is the Vice President of Health, Safety, Environment and Support Services. Enbridge provided documents and records that demonstrated it had established and maintained documented roles and responsibilities statements related to its health and safety program and activities that applied to all levels within the organization as well as contractors. Through document and record review and staff interviews the Board identified that Enbridge had established, documented and communicated its organizational structure as it related to safety.
Annual Evaluation of Resource Need
Enbridge did not provide documentation or records to demonstrate it specifically evaluates and demonstrates that the human resources allocated to establishing, implementing and maintaining its management system and meeting its OPR section 6 obligations are sufficient.
With respect to its safety management program evaluation of need, Enbridge demonstrated that it uses several mechanisms to evaluate its human resources needs. Key examples include:
- Liquids Pipelines priorities and objectives review and planning - The leadership team defines the key priorities and objectives for Liquids Pipelines in alignment with the Strategic Plan; the Strategic Plan defines the focus and priorities for the company as a whole;
- Health and Safety Department Plan development - IMS-01 processes outline the steps involved in developing a Department Plan and resourcing the department;.
- Workforce planning - The Enbridge Human Resources department leads the Emergency and Security department through the Workforce Budgeting process. As a result of this process, the department identifies the job types and the number of each job type required to ensure there are sufficient resources to meet management and protection requirements.
- Annual Work Plan update and development - The Health and Safety department develops a detailed annual work plan that takes into account the priorities, objectives and Department Plan of the Liquids Pipelines business unit.
The Board identified that the resource evaluation mechanisms described were being implemented within the Health and Safety Department. In reviewing the documentation and records associated with resource evaluation mechanisms, the Board identified that Enbridge’s practices were not accounting for staff outside of the department with Health and Safety responsibilities.
For example Field Operations and Maintenance staff have safety management responsibilities that require accounting for. Additionally, the Board identified instances of on-going, open corrective and preventive actions associated with Integrated Review findings. Staff at multiple levels within the organization attributed this practice to a lack of human resources in at the field level to provide oversight or actively address the findings on a timely basis. The Board’s record review indicated that Enbridge’s processes did not address the resourcing needs.
Summary
The Board found that Enbridge had a documented organizational structure and communicates the roles responsibilities and authorities of the officers and employees at all levels of the company.
The Board found that Enbridge had established and implemented several mechanisms for reviewing its Safety Management program workforce needs.
The Board also found that Enbridge’s evaluation of need did not specifically account for all staff with health and safety or management system establishment, implementation or maintenance responsibilities and, therefore, did not demonstrate that the human resources allocated to establishing, implementing and maintaining its management system and meeting for meeting its OPR section 6 obligations are sufficient.
The Board also found that Enbridge’s evaluation of need practices did not account for staff outside of the department with Health and Safety responsibilities.
Based on the Board’s evaluation of Enbridge’s management system and Safety Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
3.0 IMPLEMENTATION
3.1 Operational Control-Normal Operations
Expectations:
The company shall have an established, implemented and effective process for developing and implementing corrective, mitigative, preventive and protective controls associated with the hazards and risks identified in elements 2.0 and 3.0, and for communicating these controls to anyone who is exposed to the risks.
The company shall have an established, implemented and effective process for coordinating, controlling and managing the operational activities of employees and other people working with or on behalf of the company.
References:
OPR section 6.5(1)(e), (f), (q)
Assessment:
Governance Developing and Implementing Operational Controls - Normal Operations
At a governance level, Enbridge’s IMS-01, section 4.3, Risk Management Process describes the company’s process for developing and implementing controls for addressing its hazards and risks. As noted in sub-element 2.1 of this audit, the Board found that this Enbridge process is non-compliant for several reasons, including the process design and implementation of the hierarchy of controls. Since the Board has already identified that Enbridge will have to develop corrective action plans for sub-element 2.1, the Board will not assign additional non-compliances for the governance process in this sub-element; however, Enbridge must specifically consider and include any corrective actions associated with this sub-element within the corrective action developed plan developed for sub-element 2.1.
Governance Processes for Coordinating, Controlling and Managing the Operational Activities of Employees and other People Working With or On Behalf of the Company
These management system process requirements are described in OPR section 6.5 (1) (k) and (q). During the audit Enbridge indicated that these requirements were described within its IMS-01 sections 2.4 Management System Development and Implementation Requirements and 4.14 Workforce Competency and Qualification Management Process and in its OMMs and various other program level processes.
Review of the IMS processes indicated that they did not address the requirements identified in the sub-element directly and that, as noted elsewhere in this report the IMS-01 4.14 Workforce Competency and Qualification Management Process has not been demonstrated to be established or implemented. Review of the OMM processes indicated that they were not considered as governance management system process within the company. Enbridge is therefore non-compliant with respect to its OPR management system process requirements.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Safety Management Program Developing and Implementing Operational Controls - Normal Operations
During the audit, Enbridge staff identified that the company’s primary hazard and risk controls and related requirements are contained or referenced within its Operations and Maintenance Manuals (OMMs) and its Contractor Safety Manual (Enbridge’s construction and abandonment activities were not included in the scope of this audit; therefore, the Contractor Safety Manual was not fully evaluated). The OMMs were identified as being used by Field Operations and Maintenance workers and outlined the written processes, standards and tools used for development, implementation, maintenance and communicating of the corrective, mitigative, preventive and protective measures (commonly referred to as “controls”) that manage the hazards, risks and legal requirements identified for the protection programs.
The Board identified that the OMMs consisted of eight manuals or “books” as they are known. They are:
- Book 1, General Compliance Reference;
- Book 2, Safety;
- Book 3,Pipeline Facilities;
- Book 4, Welding;
- Book 5, Petroleum Quality and Measurement;
- Book 6, Equipment and Maintenance;
- Book 7, Emergency Response, Part 1: Corporate and Part 2: Region Specific;
- Book 8, Environment.
Enbridge’s Contractor Safety Manual is intended for use by contractors to ensure worker safety while supplying contracted services.
With the exception of OMM Book 2, which includes specific “safety practices and procedures”, the OMM books provide approved procedures and methodologies for completing specific work tasks and activities. In reviewing Enbridge’s approved procedures, the Board found that Enbridge has incorporated specific safety practices in each document, where required. For example, the standard for open system work on a pump includes direct references to safety lock-out procedures, energy isolation, and safe work and hot work permit requirements. Enbridge’s OMM, Book 2, Safety contains specific information and procedures for worker safety. For example, Book 2 includes Enbridge’s personal protective equipment requirements and confined space entry procedures. The Board also noted that Enbridge has incorporated health and safety communications requirements in each manual standard. (Sub-element 3.5 of this audit details the Board’s audit of Enbridge’s safety communications processes and activities.) Review of documentation and records identified that Enbridge completed an annual review on each section of OMM, Book 2 to ensure that it continues to be relevant, in compliance with identified regulations, accurate, complete and consistent with cross referenced information. Although specifically out of scope for this audit, the Board identified that Enbridge’s Contractor Safety Manual is also being reviewed and revised annually, as required.
With respect to on-going suitability and maintenance of the controls, Enbridge demonstrated that its Manager of Health and Safety Programs has been assigned the functional responsibility for developing, implementing, communicating and maintaining the company’s corrective, mitigative, preventive and protective measures processes. Enbridge outlined this responsibility in OMM, Book 2 under Occupational Health and Safety Management System, and Policies Practices and Standards Development, as well as in other referenced documents. Enbridge further demonstrated that its Senior Manager of Engineering Safety has functional responsibility for developing, implementing, communicating and maintaining the company’s Contractor Safety Manual.
Safety Management Program Processes for Coordinating, Controlling and Managing the Operational Activities of Employees and other People Working With or On Behalf of the Company
As noted above, during the audit Enbridge indicated that it has established a number of OMM and program based processes that address the Board’s requirements for coordinating, controlling and managing the operational activities of employees and other people working with or on behalf of the company. The Board’s review of the referenced documents and associated records provided by Enbridge indicated that, at the safety management program level, the company has established appropriate practices and processes.
Summary
The Board found that, subject to its non-compliant finding relating to its governance management system process with respect to developing controls (Sub-element 2.1 Hazard Identification, Risk Assessment and Control, above), Enbridge has developed controls that address its identified hazards and risks.
The Board found that, at a program level, the company has implemented practices and processes that address the Board’s requirements for coordinating, controlling and managing the operational activities of employees and other people working with or on behalf of the company.
The Board also found that, at the governance management system level, Enbridge has not established and implemented processes for coordinating, controlling and managing the operational activities of employees and other people working with or on behalf of the company that meet the OPR requirements.
Based on the Board’s evaluation of Enbridge’s management system and the Safety Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
3.2 Operational Control-Upset or Abnormal Operating Conditions
Expectations:
The company shall establish and maintain plans and procedures to identify the potential for upset or abnormal operating conditions, accidental releases, incidents and emergency situations. The company shall also define proposed responses to these events and prevent and mitigate the likely consequence and/or impacts of these events. The procedures must be periodically tested and reviewed, and revised where appropriate (for example, after upset or abnormal events). The company shall have an established, implemented and effective process for developing contingency plans for abnormal events that may occur during construction, operation, maintenance, abandonment or emergency situations.
References:
OPR section 6.5(1)(c), (d), (e), (f), (t)
Assessment:
Governance Upset and Abnormal Operating Conditions
Enbridge uses the processes described in sub-elements 2.1 and 3.1 of this audit report to identify hazards and potential hazards to the occupational health and safety of its workers during abnormal operating conditions, accidental releases, incidents and emergency situations. Therefore, the general findings of those sub-elements apply to this sub-element as well. Since any issues applicable to this sub-element must be addressed in the corrective action plan developed for sub-element 2.1, the Board will not assign further Non-Compliances for the governance process in this sub-element.
Governance Developing Contingency Plans for Abnormal Events
The Board requires the company to establish and implement an effective process for developing contingency plans for abnormal events that may occur during construction, operation, maintenance, abandonment or emergency situations. It is important to note that contingency plans are not limited to emergency response. The Board found that Enbridge’s governance processes did not include specific processes or policies for developing contingency plans for abnormal events.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Safety Management Program Upset or Abnormal Operating Conditions
At the program level, the Board identified Enbridge has developed facility and worksite emergency procedures and practices to address upset or abnormal operating conditions including, but not limited to, medical situations. Enbridge has documented its planning requirements and procedures in its OMMs, Contractor Safety Manual and within its site-specific plans.
The Board identified that Enbridge requires all staff, visitors and contractors are required to have a safety orientation to the site before they access the site. The company communicates and physically posts facility evacuation and emergency plans at each facility and demonstrated that it has and maintains emergency shutdown and response equipment at each worksite. Enbridge demonstrated that first aid supplies, including automated external defibrillators, were readily available at appropriate locations. The Board identified through documentation and record review and staff interviews that that all of the company’s frontline Operations staff receive first aid training.
During its audit the Board specifically included the review high risk and hazard activities within its activities. With respect to this sub-element, the Board identified that Enbridge employees and supervisors required to work on tanks and in other confined spaces are trained and equipped to perform rescues if required. Additionally, the Board also found that Enbridge frontline staff, including managers, have received various levels of Integrated Command Structure (ICS) and first response training needed to fulfill their anticipated roles in the company’s Emergency Response Plans. Interviews with regional personnel confirmed that Enbridge regional staff use and understand the company’s contingency plans for emergency response, first aid and rescue.
Program Level Process for Developing Contingency Plans for Abnormal Events
Enbridge did not demonstrate that it has a program level process that meets the OPR requirements.
Summary
The Board found that, subject to its non-compliant finding relating to its governance management system process with respect to developing controls (Sub-element 2.1 Hazard Identification, Risk Assessment and Control, above), Enbridge has developed controls that address its identified health and safety hazards and risks relating to upset and abnormal operating conditions.
The Board found that Enbridge has developed and documented many contingency plans.
The Board also found that Enbridge had not established a management system or program level process for developing contingency plans that meets the Board’s requirements.
Based on the Board’s evaluation of Enbridge’s management system and the Safety Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
3.3 Management of Change
Expectations:
The company shall have an established, implemented and effective process for identifying and managing any change that could affect safety, security or protection of the environment, including any new hazard or risk, any change in a design, specification, standard or procedure and any change in the company’s organizational structure or the legal requirements applicable to the company.
References:
OPR section 6.5(1)(i)
Assessment:
Governance Management of Change Process
During the audit, Enbridge identified that it had developed a governance management of change process. In reviewing the documents and records and conducting interviews, the Board found that Enbridge’s governance process had not been fully established or implemented at the time of the Board’s audit. The Board’s review found that Enbridge’s design of its governance process does not meet the OPR management system process requirements.
During the audit, Enbridge indicated that MOC processes and requirements are embedded in all of its existing written processes, procedures and practices. Enbridge indicated that a single MOC process would not be able to meet its or other companies with significant facilities and processes, requirements. Therefore, Enbridge has multiple processes embedded in multiple locations. Further, Enbridge indicated that its interpretation of the OPR is to “ensure that a MOC process is available for unplanned, unexpected or infrequent changes that are not already embedded in existing activities and processes. There is no requirement in the OPR for these various management of change processes to be formally tied to one another.”
The Board has found that Enbridge’s interpretation and practices are inconsistent with the Board’s interpretation of the OPR process requirements. The Board notes that the OPR requires a company to develop a management system MOC process that identifies and manages any change that could affect safety, security or the protection of the environment, not only those described by Enbridge. Further the Board notes that, while a company may have multiple processes, there still must be consistency in process requirements, development and implementation as well as coordination of the various practices in order to meet the OPR requirements and to ensure formal management. The Board notes that a singular management system process developed to meet the OPR requirements, as prescribed, would address these requirements.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Safety Management Program Management of Change
Notwithstanding, the process issues described above, the audit found that Enbridge has established and embedded MOC requirements within many aspects of its Occupational Health and Safety Program. The documented, operational MOC processes are found in Enbridge’s OMMs. Enbridge uses two core MOC processes to manage OMM changes:
- Liquid Pipelines MOC process - This process identifies and manages any change critical to the safety management and operational reliability of the Enbridge system; and
- Operations and Maintenance Procedures Management System - Includes various processes to ensure proper MOC of its core procedures.
In reviewing Enbridge’s processes and practices, the Board identified that the company has incorporated formal communication requirements into its practices. The company divides its communication of changes into two categories: annual updates and critical updates. The company has formal written requirements for both of these categories. Further, Enbridge demonstrated that it uses an online database to validate, communicate and follow-up on MOC activities. The system is available to all employees and all employees demonstrated familiarity with the system during Board interviews. Interviews with Enbridge regional personnel confirmed that they have an appropriate understanding of the company’s MOC system and the communication practices.
Summary
The Board found that Enbridge demonstrated that it had established and implemented a number of MOC procedures and practices to document and manage change at the program level on a consistent basis. The Board identified that all departments and programs were using Enbridge’s Liquids Pipelines MOC process, including Safety Management, as its primary corporate MOC process. The Board, however, identified that this process did not meet all of the MOC process requirements and was specifically not intended to be included within its IMS process.
The Board also found that Enbridge did not demonstrate that it had established and implemented a management system level process that meets the requirements of the OPR.
Based on the Board’s evaluation of Enbridge’s management system and Safety Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
3.4 Training, Competence and Evaluation
Expectations:
The company shall have an established, implemented and effective process for developing competency requirements and training programs that provide employees and other persons working with or on behalf of the company with the training that will enable them to perform their duties in a manner that is safe, ensures the security of the pipeline and protects the environment.
The company shall have an established, implemented and effective process for verifying that employees and other persons working with or on behalf of the company are trained and competent, and for supervising them to ensure that they perform their duties in a manner that is safe, ensures the security of the pipeline and protects the environment. The company shall have an established, implemented and effective process for making employees and other persons working with or on behalf of the company aware of their responsibilities in relation to the processes and procedures required by the management system or the company’s protection programs.
The company shall have an established, implemented and effective process for generating and managing training documents and records.
References:
OPR section 6.5(1)(j), (k), (l), (p)
Assessment:
Governance and Safety Management Program Training Program
Through interviews and document and record review, the Board found that Enbridge has established and implemented a documented, comprehensive training program applicable to occupational health and safety training of its employees. The training program is appropriately supported and managed throughout the organization. Enbridge has developed a management system called the Enbridge Learning Management System (eLMS). eLMS provides the mechanism to register, deliver, track and record learning completions. Enbridge’s Human Resources department provides support to all departments for the development of departmental content and eLearning programs and each department manages the content of programs housed in eLMS. The Board verified that Enbridge has implemented the systems to generate, manage and document the various training programs through front line interviews and inspections.
Notwithstanding Enbridge’s training program implementation, the Board found that Enbridge had not established and implemented documented processes for developing competency that are used to develop training and learning programs and to establish baseline competencies required for employees and others working on behalf of the company to perform assigned tasks in a manner that is that is safe, ensures the security of the pipeline and protects the environment. Similarly, the Board found that Enbridge has not established and implemented a process for verifying competency as required. Interviews with staff indicated that there were undocumented competency evaluation processes being undertaken at the time of the audit; however, they did not meet the Board’s management system process requirements. Record reviews conducted by the Board indicated that Enbridge had at one time implemented a formal Competency Based Training program but that had been officially discontinued a number of years ago. It was identified that staff in some of the regions were still implementing the practices of this program as a method to ensure competency of new staff.
The Board considers competency identification and verification to be a key component in assuring the safety of workers, the public, and the environment. Therefore, this issue was brought to Enbridge’s attention as requiring urgent attention. Enbridge has responded by developing an interim process while Enbridge’s Workforce Competency and Qualification Process (WCQP), commenced in 2013, is being fully rolled out. This was provided to the Board for review prior to end of its close-out discussions. While not yet demonstrated as established or implemented, based on initial interviews with departmental staff, the Board found that the described practices could meet the Board’s requirements.
The Board’s review of the written governance policy that had been provided by Enbridge indicated that some of the key legally required process requirements were mapped as “red”. According to Enbridge’s described process mapping convention this would indicate that the process steps are “aspirational” and therefore outside of its legal requirements to be measured by the Board. As noted elsewhere in this report, aspirational or stretch practices are encouraged but they cannot include legally required content within this category.
Generating and Managing Training Documents and Records
The Board found that Enbridge’s process for generating and managing training documents and records is largely based on the following:
- Enbridge Learning Management System - to manage department training records;
- Matrix Verification Reports on the Field Operations Learning Management System (TRAC);
- Individual Development Plans - to manage training and records at an individual level; and
In reviewing the records, Enbridge demonstrated that it had an established, implemented and effective process for generating training documents and records.
Summary
The Board has found that Enbridge has established and implemented formal management system for identifying and managing its training requirements.
The Board also found that Enbridge has not established and implemented processes for identifying and verifying the competency requirements of its workers as required in the OPR. The Board identified that Enbridge has started to implement a new process for the identification and verification of worker competency. However, this new process remains Non-Compliant as it has not been established or implemented and that its governance management system process does not meet the Board’s requirements.
Based on the Board’s evaluation of Enbridge’s management system and Safety Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
3.5 Communication
Expectations:
The company shall have an established, implemented and effective process for the internal and external communication of information relating to safety, security and environmental protection. The process should include procedures for communication with the public, company employees, contractors, regulatory agencies and emergency responders.
References:
OPR section 6.5(1)(m)
Assessment:
Governance Communication
The Board found that Enbridge’s governance level management system processes are inadequate. Enbridge’s IMS-01 is limited to requiring Enbridge’s IMS-01 is limited to requiring that each department must develop a communication plan and does not meet the OPR requirements.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Safety Management Program Communication
The Board found that Enbridge has undertaken a lot of communications both externally and internally. As well, Enbridge has integrated communications requirements within many of its processes and procedures.
During the audit, the Board identified that Enbridge’s Occupational Health and Safety department has written a Health and Safety Communication Plan. This plan is included in the company’s tier 2 OMM books. The plan assigns responsibilities and describes the communication tools the company uses to communicate safety information to its workers, as well as the communication tools used by workers to communicate safety issues to management. Enbridge’s tier 2 Operations Health and Safety Management System Communication Plan sets the standards for communicating safety topics to workers and contractors.
The Board found that Enbridge uses various methods for communicating health and safety information to its employees and contractors. These methods include formal site orientations, training, safety and tailgate meetings, site meetings, committee meetings, bulletins and other means.
Enbridge’s Operations department develops annual Safety and Health initiatives that are communicated to staff through Enbridge’s intranet by senior management. The Health and Safety department is responsible for coordinating, communicating, tracking and reporting the initiatives through to completion.
Enbridge demonstrated that the structure of its Health and Safety Committee enabled the company to exchange health and safety information between internal committees and throughout the company. Additionally it was demonstrated that frontline safety groups were conducting monthly meetings. The Board identified that the monthly meeting minutes are posted and made available through Enbridge’s intranet for all employees to review.
Summary
The Board found that Enbridge communicates throughout its organization as a matter of organized practice.
The Board also found that Enbridge had not established or implemented a communication process that meets the Board’s requirements.
Based on the Board’s evaluation of Enbridge’s management system and Safety Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
3.6 Documentation and Document Control
Expectations:
The company shall have an established, implemented and effective process for identifying the documents required for the company to meet its obligations to conduct activities in a manner that ensures the safety and security of the public, company employees and the pipeline, and protection of property and the environment. The documents shall include all of the processes and procedures required as part of the company’s management system.
The company shall have an established, implemented and effective process for preparing, reviewing, revising and controlling documents, including a process for obtaining approval of the documents by the appropriate authority. The documentation should be reviewed and revised at regular and planned intervals.
Documents shall be revised where changes are required as a result of legal requirements. Documents should be revised immediately where changes may result in significant negative consequences.
References:
OPR sections 6.5(1)(i), (n), (o), 6.5(3)
Assessment:
Governance Process for Identifying the Documents Required to Meet its Obligations
This sub-element also includes the requirements to develop a process for identifying the documents required for the company to meet its obligations described in OPR section 6.
In the information provided to the Board, Enbridge indicated that its interpretation of the OPR requirements, is that the required documents to meet its obligation are “those documents developed as part of the management system required by the OPR”. Enbridge further identified that its management system design is comprehensive and encompasses all of the company’s activities that are designed to meet the obligations. As such it indicated that its IMS - 01 section 1.3 Integrated Management Structure identifies the documents required. The Board’s review of this section indicated that it did not constitute a list of documents or classes/categories of required documents. It was a high level description of the nineteen management systems that comprise Enbridge’s management system and high level descriptions of the content of each.
Governance Documentation and Document Control
During the audit, Enbridge was not able to demonstrate that it had established or implemented a governance management system process that meets the Board’s Documentation and Document Control process requirements. Enbridge did not provide a documented management system process until after the Board’s closeout discussions. This document was dated 22 August 2014; however, until provided by Enbridge, the Board was not presented evidence of its existence either as a document or as referred to by Enbridge staff during interviews. The Board could not therefore verify its establishment or implementation during the audit.
The Board’s review of this document indicated that it did not meet the OPR management system process requirements as described elsewhere in this audit report. As well the Board could not determine the applicability of the process to the programs required in OPR section 55, since the process as written only appears to apply to the governance management system processes.
Regardless of the Enbridge’s lack of compliant management system processes, the Board found that Enbridge does have some document control processes that it is presently using on a corporate basis. Enbridge governs its document processes through its Documents Policy, which is available on the company’s intranet and through an online tool called the Governance Documents Library. The Board identified that the Documents Policy and its associated practices and tools set Enbridge’s minimum standards for documents and document tracking.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Safety Management Program Documentation and Document Control
Enbridge indicated that, at the program level, operational documents were housed within the OMMs. Further, Enbridge indicated that the OMMs included a document control process within them. Enbridge’s Operations and Maintenance Procedures Management group was identified as being responsible for developing, implementing and maintaining the Document Control Process.
During its review of the process the Board noted it did not contain a process for the identification of documents as described in the OPR. The process provided described the processes Enbridge follows to prepare, review, revise, control and approve its OMM documents. During interviews and document reviews, the Board confirmed that Enbridge has established and implemented the process, as described.
Summary
The Board found that Enbridge had established and implemented a process for controlling its OMM documentation.
The Board also found that Enbridge had not established and implemented a governance management system process for identifying the documents required for the company to meet its obligations under OPR section 6.
The Board also found that, at the governance level, Enbridge’s new IMS-01, section 4.9 Governance Document Control Process, dated 22 August 2014, did not meet the OPR requirements nor had it been established and implemented.
Based on the Board’s evaluation of Enbridge’s management system and Safety Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
4.0 CHECKING AND CORRECTIVE ACTION
4.1 Inspection, Measurement and Monitoring
Expectations:
The company shall have an established, implemented and effective process for inspecting and monitoring the company’s activities and facilities to evaluate the adequacy and effectiveness of the protection programs and for taking corrective and preventive actions if deficiencies are identified. The evaluation shall include compliance with legal requirements.
The company shall have an established, implemented and effective process for evaluating the adequacy and effectiveness of the company’s management system, and for monitoring, measuring and documenting the company’s performance in meeting its obligations to perform its activities in a manner that ensures the safety and security of the public, company employees and the pipeline, and protection of property and the environment.
The company shall have an established, maintained and effective data management system for monitoring and analyzing the trends in hazards, incidents and near-misses. The company shall have documentation and records resulting from the inspection and monitoring activities for its programs.
The company management system shall ensure coordination between its protection programs, and the company should integrate the results of its inspection and monitoring activities with other data in its hazard identification and analysis, risk assessments, performance measures and annual management reviews, to ensure continual improvement in meeting the company’s obligations for safety, security and protection of the environment.
References:
OPR sections 6.1(d), 6.5(1)(g), (s), (u), (v), 56
Assessment:
Governance Inspection, Measurement and Monitoring
The Board requires companies to have an established, implemented and effective process for inspecting and monitoring the company’s activities and facilities to evaluate the adequacy and effectiveness of the protection programs and for taking corrective and preventive actions if deficiencies are identified.
Through staff interviews, and document and record review, the Board found that Enbridge has documented its governance management system inspection, measurement and monitoring practices in its IMS-01 manuals. The IMS documents describe Enbridge’s process for Health Checks, internal reviews, audits and external audits. The Board completed a full review of the Health Checks, internal reviews, audits and external audits as part of its evaluation of Enbridge’s Internal Audits and Quality Assurance Program and has documented them in Sub-element 4.3 Internal Audits, below. The Board has identified deficiencies with the processes and practices that directly relate this sub-element as well. The Board, however, will not assign an additional non-compliance based on that finding within the section. Enbridge’s CAP must include corrective actions that ensure that the processes will address the linked requirements within this sub-element explicitly.
Governance Corrective and Preventative Actions
During the audit, Enbridge indicated that its IMS, section 4.6, Corrective and Preventive Action Management Process defines the minimum standards for administering, tracking and managing corrective and preventive actions through their implementation and resolution. This process applies to Enbridge departments and addresses events, hazards and near-misses. This process includes Health Checks, internal reviews, regulatory inspections, investigation and audits. The documentation provided at the time of the audit does not show that Enbridge’s Corrective and Preventative Action Management Process has been fully implemented. Portions of the process, according to the process map, have only been partially implemented at the IMS level.
The Board notes that the requirement to have a process to take corrective and preventive action is included in many of the sub-elements within the Board’s audit protocol and the OPR. The Board therefore requires the corrective action plan developed to address the deficiencies identified for this sub-element to explicitly include all sub-element and OPR requirements, where corrective and preventive actions are referenced.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Safety Management Program Inspection, Measurement and Monitoring
Inspection
At the program level, Enbridge indicated that, in addition to the Health Checks and Internal reviews, described above, its OMMs document the company’s health and safety inspection policy, schedule and process for inspecting its facilities and worksites. The documentation defines what will be inspected, the minimum inspection frequency and the responsibilities involved. The documentation provided also indicated that the Director of Health and Safety is responsible for administering, interpreting and keeping this process current with business conditions and ensuring that the process is periodically reviewed and continually improved. Employees, supervisors, managers and safety representatives are responsible for conducting physical inspections of facilities and worksites. Facility and worksite supervisors are responsible for ensuring that action items identified during the inspection are followed through to completion within established timelines. Affected workers are advised of any unsatisfactory inspection results and hazards that have not been controlled or eliminated. Review of documentation and records indicated that the requirements were being implemented as described.
Program Data Management System and Integration of Results
Through document and record review and in interviews, it was identified that Enbridge is meeting the expectations utilizing a number of data bases and its work order management system. Enbridge demonstrated that it reviews inspection plans and results and corrective actions weekly, monthly and quarterly at various safety meetings, committee meetings and leadership meetings and implements changes where it identifies a need.
Monitoring and Measuring the Program
Enbridge demonstrated that it had developed documented health and safety performance indicators which it uses to measure its progress towards meeting its health and safety objectives. The company provided documents and records indicating that it regularly reviewed the performance indicators to ensure they are relevant to Enbridge’s activities and consistent with the company’s Health and Safety Policy. The company produced monthly reports for tracking the performance indicators and the status of any corrective actions generated during inspections and investigations. Enbridge summarized these activities and indicators in an annual report that it provided for review. The Annual Report included a trend analysis of the status of the company’s corrective actions.
Summary
The Board found that, subject to its findings related to its review of Enbridge’s Health Check and Internal Review processes (Sub-element 4.3 Internal Audit), the Board found that Enbridge has established and implemented process for inspecting, measuring and monitoring its facilities and program.
Based on the Board’s evaluation of Enbridge’s management system and Safety Management program against the requirements, the Board did not find any issues of non-compliance. The Board has determined that Enbridge is Compliant with this sub-element.
Compliance Status: Compliant
4.2 Investigating and Reporting Incidents and Near-misses
Expectations:
The company shall have an established, implemented and effective process for reporting on hazards, potential hazards, incidents and near-misses, and for taking corrective and preventive actions. This should include conducting investigations where required or where hazards, potential hazards, incidents and near-misses have or could have resulted in the safety and security of the public, company employees and the pipeline, and protection of property and the environment, being significantly compromised.
The company shall have an established, maintained and effective data management system for monitoring and analyzing the trends in hazards, incidents and near-misses.
The company should integrate the results of its reporting on hazards, potential hazards, incidents and near-misses with other data in hazard identification and analysis, risk assessments, performance measures and annual management reviews, to ensure continual improvement in meeting the company’s obligations for safety, security and protection of the environment.
References:
OPR sections 6.5(1)(r), (s), (u), (w), (x), 52
Assessment:
Governance Investigating and Reporting Incidents and Near-misses
The Board notes that there is not a specific OPR management system or other process development requirement for investigating incidents or near-misses. The Board, however, considers processes for conducting investigations to be implicit with any process developed to satisfy OPR 6.5(1)(r) and therefore companies must demonstrate how they develop adequate and effective corrective and preventive actions associated with incidents and near-misses.
Enbridge provided its IMS-01 4.10 Event Investigation Processes, and its IMS-01 4.6 Corrective and Preventive Action Management (CAPA) Process in support of it meeting the requirements of OPR 6.5(1)(r). The Board found that Enbridge’s Event investigation Processes were designed in aid of understanding the causes of events from the perspective of root and contributory causes to prevent recurrence within the Enbridge entities to which it is applied. The processes included Event Investigation Principles, Event Impact Criteria and Low and Medium and High Impact Event Investigation Processes. The IMS-01 4.10 processes were documented in detail. Review of the associated process maps indicated that the processes included specific links to the IMS-01, 4.6 CAPA process for assurance of consistent corrective and preventive action development and implementation. Review of the IMS- 01, 4.6 CAPA Process is documented below.
The Board noted that the process maps provided to the Board indicated that the processes had not been full established and implemented at the time of the Board’s audit. Regardless of the full implementation of the processes, the Board was able to see evidence of implementation of key investigation process activities within Enbridge’s program level activities in its audit activities.
Governance Corrective and Preventative Actions
During the audit, Enbridge indicated that its IMS, section 4.6, Corrective and Preventive Action Management Process defines the minimum standards for administering, tracking and managing corrective and preventive actions through their implementation and resolution. This process applies to Enbridge departments and addresses events, hazards and near-misses. This process includes Health Checks, internal reviews, regulatory inspections, investigation and audits. The documentation provided at the time of the audit does not show that Enbridge’s Corrective and Preventative Action Management Process has been fully implemented. Portions of the process, according to the process map, have only been partially implemented at the IMS level.
The Board notes that the requirement to have a process to take corrective and preventive action is included in many of the sub-elements within the Board’s audit protocol and the OPR. The Board therefore requires the corrective action plan developed to address the deficiencies identified for this sub-element to explicitly include all sub-element and OPR requirements, where corrective and preventive actions are referenced.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Safety Management Program Incident Reporting
At the Safety Management Program level Enbridge’s OMM books documented the company’s incident event reporting process. These documents describe the company’s process for reporting all events, with a primary focus on the external reporting required by regulatory agencies. The company’s reporting process for occupational health and safety events includes fatalities, lost-work-day injuries, injuries that require medical aid, injuries that require first aid, and near-misses. The manuals describe what should be reported, who should report it, where it is reported, and how the reports are documented. The manuals also describe supervisors and regional management responsibilities with respect to incident investigation. Enbridge includes a review of its incident reporting requirements in employee and contractor orientations. Employees and contractors must complete this review before they are allowed to start work.
Enbridge’s OMMs also document the company’s incident investigation process. The OMMs describe the criteria for what is investigated and why, as well as stakeholder responsibilities, the investigation process, training requirements for investigators, and documentation requirements.
Safety Management Program Data Management System
The Board also requires companies to have an established, maintained and effective data management system for monitoring and analyzing the trends in hazards, incidents and near-misses. Enbridge indicated that it used an intranet database called the Incident Management System to document its incidents and manage its investigation documents and process. The Board’s review of documentation and records associated with this system identified that Enbridge used this database to trend causal factors and follow-up on corrective actions. As well, the Board found that Enbridge uses this database to generate monthly, quarterly and annual incident reports for management and workers to review at safety and management meetings. The Board also identified that Enbridge practices included processes to immediately communicate critical incidents across its corporation using its high-value learning event process.
Safety Management Program Corrective and Preventive Action Process
During the audit Enbridge indicated that it had established and implemented its Corrective and Preventive Action (CAPA) Management Process that document its minimum standards for administering, tracking and managing corrective and preventive actions associated with incidents. This Corrective Action and Preventive Action process applies to all Enbridge departments. The CAPA Management Process is also used to address most of Enbridge’s processes that require the development of corrective and preventative actions such Health Checks, Internal Reviews, regulatory inspections, internal audits and the events processes. The Board examined this process as part of a number of sub-element examinations and has found deficiencies relating to implementation. The documentation of the review is found in sub-element 4.3 Internal Audits, below. Since the Board has already identified that Enbridge will have to develop corrective action plans for sub-element 4.3, the Board will not assign additional non-compliances for CAPA Management Process in this sub-element; however, Enbridge must specifically consider and include any corrective actions associated with this sub-element within the corrective action plan developed for sub-element 4.3.
Summary
The Board found that Enbridge has developed processes for reporting on hazards, potential hazards, incidents and near-misses, and for taking corrective and preventive actions.
The Board found that Enbridge has conducted investigations where required or where hazards, potential hazards, incidents and near-misses have or could have resulted in the safety the public, company employees and the pipeline being significantly compromised.
The Board also found that, at the governance level, Enbridge’s IMS-01, section 4.10 Event Investigation Processes, dated 11-December 2013 had been documented and included in its Governing Policies and Processes Management System manual and that key activities were being implemented within its programs. These processes were, however, identified as “In Progress” and therefore not established and implemented.
The Board also found that Enbridge’s process for taking corrective and preventative actions is not established or implemented as required by OPR. The Board has documented this deficiency in sub-element 4.3 Internal Audits, below. Enbridge is required to specifically consider and include corrective actions to address the process deficiencies identified in this sub-element within and corrective action plan developed for sub-element 4.3.
Based on the Board’s evaluation of Enbridge’s management system and Safety Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies
Compliance Status: Non-Compliant
4.3 Internal Audits
Expectations:
The company shall have an established, implemented and effective quality assurance program for its management system and for each protection program, including a process for conducting regular inspections and audits and for taking corrective and preventive actions if deficiencies are identified. The audit process should identify and manage the training and competency requirements for staff carrying out the audits.
The company should integrate the results of its audits with other data in hazard identification and analysis, risk assessment, performance measures and annual management review, to ensure continual improvement in meeting the company’s obligations for safety, security and protection of the environment.
References:
OPR section 6.5(1)(w), (x)
Assessment:
Governance Quality Assurance Program
During the Board’s audit, Enbridge indicated that quality assurance is implicit within a management system, especially within the “Check-Act” elements of the standard “Plan-Do-Check-Act” structure which it follows. Therefore, Enbridge’s indicated that it met the Board’s requirements to establish and implement a documented Quality Assurance Program by having a documented, appropriately designed management system that incorporates quality assurance activities.
In reviewing Enbridge’s “Check-Act” elements, the Board noted that they do contain a number of activities that would normally be considered quality assurance activities. Examples of these activities are inspections, audits, data trending, monitoring performance measures, etc. Within the limitations of the results of the Board’s audit associated with the elements, the Board was able to view records of the activities being implemented as required.
The Board has found, however, that Enbridge’s interpretation of Quality Assurance Program is incorrect. The Board has found that Enbridge has not met its expectations with respect to “programs”. The Board has provided clear guidance as part of the guidance notes that accompany the OPR that a program is not simply a description of activities. Programs are:” a documented set of processes and procedures designed to regularly accomplish a result. A program outlines how plans, processes and procedures are linked, and how each one contributes toward the result. Program planning and evaluation are conducted regularly to check that the program is achieving intended results”. The Board’s definition is included in Section 1.0 Audit Terminology and Definitions of the attached audit report.
Governance Internal Audits
Enbridge indicated that its management system includes processes that meet the Board’s auditing process requirements. Enbridge indicated that it accounts for the OPR requirements using a combination of its Health Check and Internal Review processes. While not standard in its approach to conducting audits, the Board reviewed Enbridge’s practice to determine whether it met the OPR requirements. Additionally, Enbridge indicated that the Board should consider the audits completed as part of its Internal Auditing program activities as part of its demonstration of undertaking the required audits.
The Board found through its review of documentation and records associated with the two referenced processes that they did not individually or together constitute a compliant auditing process. The Board found that both processes were specifically designed not to be exhaustive in their reviews of practice, processes or legal requirements. Further, the Internal Review process had not been fully established or implemented at the time of the audit. Enbridge was in the process of confirming the design of the process by conducting a review of one of its internal processes.
As noted, Enbridge provided a description of its Internal Auditing process and activities as well as selected records of completed audits as a demonstration of completing audits. Review of the Internal Audit process indicated that it was a process designed to be implemented based on corporate risk priorities as directed by Enbridge’s senior governance and not a repeatable compliance review process applicable directly to the Board’s requirements. Additionally, the audit records did not demonstrate it had conducted audits compliant with OPR sections 53 or 55.
Additionally, Enbridge indicated that it had conducted a number of internal and 3rd party assessments of its management system against its OPR requirements. Review of the associated records provided by Enbridge indicated that they were evaluations of the alignment of Enbridge’s management systems with the OPR management system and program requirements and did not evaluate the adequacy and effectiveness or compliance of the company practices.
Based on the Board’s review of Enbridge’s audit processes, audit activities completed to date and other linked processes such as those related to legal requirements, Enbridge was unable to demonstrate that it had completed audits consistent with section 53 of OPR. Further, the Board finds Enbridge’s integrated management system process for conducting audits does not meet the Board’s requirements from the perspective of present design and of Enbridge’s interpretation of audits.
As noted above, Enbridge’s Health Check and Internal Review processes have specific design issues that, when evaluated together, do not meet the Board’s audit expectations with respect to comprehensiveness of the required audits. Additionally, the Board finds that Enbridge’s interpretation that the OPR audit requirements can be met using a combination of processes conducted over a number years is incorrect. The Board notes that there is a common understanding that an audit is a discrete verification activity that allows for an assessment of conformance/compliance to be made at a given time. The Board notes that the comprehensive audits it requires necessitates evaluation of systems and programs that require evaluation of linked processes and evaluations of the adequacy and implementation of the system, programs and processes. This requires specific coordination of the reviews in terms of time, processes, programs and regions. Enbridge’s present practices, based on its interpretation of the regulations, do not allow for the required assessments to be made. The Board understands that audits often contain a number of different activities; however, each activity is coordinated within the auditing process and scheduled within the individual plan for the audit.
Auditor Training
This sub-element indicates that a company audit process should identify and manage the training and competency requirements for staff carrying out the audits. Enbridge did not demonstrate that its training and competency activities account for staff implementing its audit related processes. The Corrective Action Plan associated with the Board’s Non-Compliant finding related to Training and Competency and Evaluation as described in sub-element 3.4 above will need to explicitly address this issue.
Governance Corrective and Preventive Actions Process
The Board’s audit process requirements include establishment and implementation of a process for taking corrective and preventive actions to address any deficiencies identified by the audits. As part of its review of the documentation and records provided by Enbridge, the Board reviewed the establishment and implementation Enbridge’s corrective and preventive action process. The Board found that Enbridge had developed a Corrective and Preventive Action (CAPA) Management Process and included it within its IMS governance documentation (IMS-01, section 4.6 Corrective and Preventive Action Management Process). Review of this governance process indicated that it did not meet the Board’s process design requirements as outlined in Section 1.0 Audit Terminology and Definitions section of the attached audit report. For example there are no definitions of corrective or preventive actions or appropriate linkages to or from other management system processes. Additionally, the process map indicated that none of the required steps were fully implemented.
The Board notes that the requirement to have a process to take corrective and preventive action is included in many of the sub-elements within the Board’s audit protocol and the OPR. The Board therefore requires the corrective action plan developed to address the deficiencies identified for this sub-element to explicitly include all sub-element and OPR requirements, where corrective and preventive actions are referenced.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Safety Management Program Internal Audits.
Safety Management Program Quality Assurance and Internal Audits.
As noted above, Enbridge was unable to demonstrate that it has an established, implemented and effective quality assurance program for its management system and Safety Management Program; however, the company did provide examples of completed audit and review activities and did provide an overview of several safety related inspection programs which are being completed on a regular basis.
At the safety management program level, Enbridge uses various techniques to monitor its safety performance and compliance and confirm that its safety controls are effective. Examples of these activities provided by Enbridge included a management system review of the existing Safety Management System, external Certificate of Recognition (COR) audits, internal Health Checks, Integrated Reviews, Internal Audits and inspections.
During the audit Enbridge provided documentation and records demonstrating its latest program review that was in process during the audit. The review was being undertaken as part of Enbridge’s implementation of its Integrated Management System approach. Enbridge indicated that the following activities had been integrated into the review that demonstrate its quality assurance and program review activities:
- review of the linkage of health and safety objectives to the strategic planning objectives of the company;
- review of the findings of previous year’s health and safety reviews;
- review of the achievement of health and safety program objectives;
- review of the suitability of the health and safety management system to the operating environment of the organization;
- review of current regulatory, legislative and legal requirements;
- review and revision of key health and safety hazards and risks; and
- review of internal stakeholder concerns regarding the health and safety management system processes.
The Board reviewed all of the program level Quality Assurance information provided by Enbridge and found that, while it demonstrated that activities that are normally associated with a Quality Assurance program are being undertaken, it does not meet the Board’s Quality Assurance program expectations. The Board notes that it has provided its program expectations within Section 1.0 Audit Terminology and Definitions of the attached audit report.
Safety Management Program Internal Audits
As noted above, Enbridge utilizes a combination of its Health Check Process and its Internal Review Process to meet the Board’s OPR requirements. The Board found that this process is deficient; however, the Board reviewed Enbridge’s audit practices and results to determine whether the company was meeting its audit requirements at a program level. During the audit, Enbridge provided records relating to a number of its Safety Management Program audit activities that it had completed.
Enbridge provided the following examples of audits completed or planned:
- External Alberta Certificate of Recognition (COR) Audits and follow-up records;
- Internal Integrated Review Reports and follow-up records;
- Internal Health Check Reports and follow-up records;
- Internal Audits conducted by Internal Audit group and follow-up records; and
- External Management System Evaluations completed as part of Management Review practices.
Review of the documents and records provided indicated that Enbridge has been conducting regular activities to evaluate portions of its Safety Management Program. The Board noted that the COR review practices utilized by Enbridge are recognized to meet provincial requirements for safety program review and have been conducted four times since 2009.
In addition to the process deficiencies identified in the governance section above, review of the supporting protocol records provided indicated that the activities would not lead to a demonstration that Enbridge has conducted audits compliant with the OPR. Examples of the program deficiencies noted included, among other things:
- Enbridge did not demonstrate that it had developed the comprehensive lists required to evaluate compliance;
- COR audits are based on provincial safety legislation and did not directly account for NEB, CLC and CSA-Z662 requirements;
- The processes and protocols used were not designed or required to be comprehensively assess all departmental functions or performance; and
- The audits primarily focused on assessing conformance to company standards and practices and the legal requirements referenced in the procedures scoped in to the audits.
Safety Management Program Corrective and Preventive Actions
During the audit the Board reviewed the documentation and records associated with the corrective and preventive actions resulting from Enbridge’s safety management audit processes. In reviewing the program level records the Board noted that many of the corrective actions developed had remained open for a substantial period of time prior to closure (3-5 years to closure and some remained open after similar periods of time). Enbridge staff interviewed indicated a number of reasons for this practice including resourcing levels for oversight and implementation as well as oversight and responsibility being kept within regions that limited the accountability for closure. Regardless of the reason, the corrective action plans were not closed within a reasonable length of time or as per schedule on a consistent basis. In reviewing the findings of the audit activities being undertaken across the regions, the Board noted that a number of similar or identical findings were being made in successive annual reviews being conducted in the different regions. This trend is interpreted by the Board to indicate that Enbridge is not examining the findings to determine if preventive actions are required to correct similar deficiencies occurring in other regions. The Board found no evidence that Enbridge had developed a process to differentiate between corrective and preventive actions and their differing management requirements.
Summary
The Board found that Enbridge demonstrated that it is conducting many of the activities that are normally contained within a quality assurance program on a regular basis.
The Board also found deficiencies with Enbridge’s Quality Assurance Program from the perspective of definition, design and management.
Enbridge provided several examples of completed audit related activities; however, the Board found deficiencies with respect to the design of the management system audit processes and activities.
The Board also found that Enbridge was not able to demonstrate that it has undertaken audits consistent with the OPR requirements.
The Board found that Enbridge had not established and implemented a management system process for taking corrective and preventive actions at both the management system and program levels that meets the OPR requirements. The Board notes that the requirement to have a process to take corrective and preventive action is included in many of the sub-elements within the Board’s audit protocol and the OPR. The Board therefore requires the corrective action plan developed to address the deficiencies identified for this sub-element to explicitly include all sub-element and OPR requirements, where corrective and preventive actions are referenced.
Based on the Board’s evaluation of Enbridge’s management system and Safety Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
4.4 Records Management
Expectations:
The company shall have an established, implemented and effective process for generating, retaining, and maintaining records that document the implementation of the management system and its protection programs, and for providing access to those who require them in the course of their duties.
References:
OPR section 6.5(1)(p)
Assessment:
Governance Records Management
During the Board’s audit, Enbridge provided the Board with a copy of its draft governance Records Management Process. The Board’s review indicated that process incorporated its existing practices along with new requirements within it. The Board could not determine the adequacy of the process as some of the referenced Tier 2 and 3 documents were not provided with Enbridge’s submission. As well, the Board did not find that the process was established or implemented as it was considered by Enbridge to be in draft format and staff interviewed did not refer to it as a required process during interviews. The Board found that Enbridge has not established or implemented a management system process the meets the OPR requirements. This lack of a compliant management system process, however, is not indicative of a lack of formal records management within Enbridge.
The Board found that, at the time of the audit, Enbridge managed its records according to its Records Management Policy. Based on this policy Enbridge had developed its Records Retention Schedule and Records Development and Sustainment Standard that further guided its records practices. In reviewing these documents, the Board found that Enbridge has established practices for generating, retaining and maintaining its corporate records.
The Board’s review of Enbridge’s corporate records management practices identified that the company’s Records Management department is responsible for developing and maintaining the company’s records management requirements and recommended processes and that its individual department managers are responsible for maintaining and implementing processes and practices at the department level. Department managers develop, maintain and implement departmental records procedures that are aligned with the company’s records management requirements. During its audit the Board found that the established requirements and practices were being implemented on a consistent basis and that the existing requirements were incorporated into the draft Records Management Process.
(Note: During its audit the Board noted that Enbridge’s Management and Protection Programs are directed by its Governance Management System Processes; therefore, a full review of the Governance Processes and their application at the “program” level follows.)
Safety Management Program Records Management
The Board found that the departmental processes and practices for Enbridge’s Health and Safety Program had been developed as required by the Records Management Policy and associated documentation. Enbridge’s OMM books describe the requirements and process for developing and managing records in the Health and Safety Program at a departmental level. Enbridge uses several databases and filing systems to manage its health and safety records. The following are examples of processes and practices reviewed by the Board that required records and records management processes: facility inspection, safety meetings, hazard identifications, risk assessments and job observations.
Through interviews and record review, the Board found that Enbridge is using its records management processes and practices to manage the records in its Health and Safety Management Program. Further, Enbridge employees had access to all the safety records they need to perform their work safely.
Summary
The Board found that Enbridge had developed a draft governance Records Management Process as part of it integrated management system.
The Board also found that, due to the draft nature of the process, Enbridge did not demonstrate that it has established and implemented a management system process that meets the OPR requirements.
The Board also found that Enbridge had implemented a consistent records management practice for application across its organization that resulted in appropriate records management practice being implemented at the program and corporate levels.
Based on the Board’s evaluation of Enbridge’s management system and Safety Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
5.0 Management Review
5.1 Management Review
Expectations:
The company shall have an established, implemented and effective process for conducting an annual management review of the management system and each protection program and for ensuring continual improvement in meeting the company’s obligations to perform its activities in a manner that ensures the safety and security of the public, company employees and the pipeline, and protection of property and the environment. The management review should include a review of any decisions, actions and commitments which relate to the improvement of the management system and protection programs, and the company’s overall performance.
The company shall complete an annual report for the previous calendar year, signed by the accountable officer, that describes the performance of the company’s management system in meeting its obligations for safety, security and protection of the environment and the company’s achievement of its goals, objectives and targets during that year, as measured by the performance measures developed under the management system and any actions taken during that year to correct deficiencies identified by the quality assurance program. The company shall submit to the Board a statement, signed by the accountable officer, no later than April 30 of each year, indicating that it has completed its annual report.
References:
OPR sections 6.5(1)(w), (x), 6.6
Assessment:
(The sub-element is attributed to companies’ senior management and Accountable Officer; therefore, the Board does not break up its review into governance and program levels.)
Annual Management Review
Enbridge’s IMS-01, section 4.3, Management System Review Process describes the process the company follows to ensure that each management system, including IMS-04, is reviewed annually to confirm that desired results are being achieved. As detailed in IMS-04, section 6.0, Management System Review, Safety Management program personnel are required to complete an annual management system review of IMS-04 to evaluate the overall performance of the program and to identify and address areas of improvement required to meet the department priorities and the company’s priorities and obligations. At the time of the audit, IMS-04 had not been fully established or implemented. Enbridge was using its Book 2, Safety - Health and Safety Management System review process to guide its management review. Book 2 states that the department must review and update its management system at least once every five years. The Board reviewed Enbridge’s 2014 Management System Review Report. This report demonstrated that Enbridge had completed an assessment of its Safety Management program including the activities, the results and the completed and planned improvements. Enbridge indicated that an additional process, PC-1801, Accountable Officer Report Development Process, is also used to evaluate the management system and the output of this evaluation is the Annual Report.
Upon review of the processes and records supporting implementation of an annual management review, the Board noted the following:
- IMS-01, Management System Review Process is not fully established; as defined by Enbridge standards, all process steps were considered aspirational;
- PC-1801, Accountable Officer Report Development Process is not referenced or inferred in IMS-01 or IMS-04 and thus is not integrated into Enbridge’s management system;
- PC-1801, Accountable Officer Report Development Process is not established as per the Board’s working definition (approval date on the document is 21 October 2014);
- IMS-04, Annual Management System Review has not been implemented; and
- While certain tasks are being reviewed by practice or by exception, the Book 2, Management System Review Process does not include a review of the implementation of the Safety Management program at the Operations level.
Based on the Board’s evaluation of Enbridge’s management system and Safety Management program against the requirements, the Board has determined that Enbridge has not established and implemented a process for conducting an annual review of its management system and protection program. Enbridge will have to develop corrective actions to address the described deficiencies.
Management System Evaluation
While the Board has listed this requirement under sub-element 4.1 of the Protocol, Enbridge indicated during the audit that its IMS-01,Management System Review Process is also used to evaluate the adequacy and effectiveness of the company’s management system. In reviewing the content of this governance process, the Board found that Enbridge indicated that each process within the management system is reviewed to ensure its effectiveness. This requirement is also described in IMS-04, Management System Review Process. Enbridge has developed an additional process, PC-1701, Management System Evaluation Process, which includes an evaluation of the adequacy and effectiveness of the overall management system. Records provided to demonstrate the implementation of each of these processes include:
- 2014 Health and Safety Management System Review Report;
- 2013 Internal Management System Alignment Assessment; and
- 3rd Party Assessment (Dynamic Risk) completed in 2013.
Upon reviewing the various processes and records supporting the implementation of a process for evaluating the adequacy and effectiveness of the company’s management system, the Board noted the following:
- IMS-01, Management System Review Process is not fully established; as defined by Enbridge standards, all process steps were considered aspirational;
- IMS-01; Management Review Process does not include an evaluation of the adequacy of the management system;
- IMS-04, Annual Management System Review has not been implemented;
- PC-1701, Management System Evaluation Process is not referenced or inferred in IMS-01 or IMS-04 and thus is not integrated into Enbridge’s management system;
- Internal Management System Alignment Assessment describes assessing the adequacy, effectiveness and implementation of processes, but it is based on the OPR requirements and not on an evaluation of Enbridge’s management system as designed; and
- 3rd Party Assessment (Dynamic Risk) is strictly an alignment compliance assessment to the OPR 6.1-6.6 requirements and does not attest to the adequacy or effectiveness of Enbridge’s management system (IMS 01 et al).
Based on the Board’s evaluation of Enbridge’s management system and Safety Management program against the requirements, the Board has determined that Enbridge has not established and implemented a process for evaluating the adequacy and effectiveness of its management system. Enbridge will have to develop corrective actions to address the described deficiencies.
Annual Report
Enbridge develops an Annual Accountable Officer Report that describes the performance of the company’s management system in meeting the company’s obligations for safety, security and protection of the environment. The report also describes the company’s performance in achieving its goals, objectives and targets, and correcting deficiencies identified by its quality assurance program. Performance is measured by performance measures developed under the management system. The PC-1801, Accountable Officer Report Development Process describes the required process for developing the Accountable Officer Report. According to this process, the Annual Accountable Officer Report must “detail the performance of Enbridge LP management system and will cover areas of leadership, performance measures, internal review, management review and corrective actions taken.” The report must also include details about achievement of goals, objectives and targets during that year as assessed through performance measures.
According to the PC-1801, Accountable Officer Report Development Process, Enbridge must complete its annual Accountable Officer Report, have it signed by the accountable officer, and submit it to the Board no later than April 30 each year. The Board confirmed that the Accountable Officer Report for the 2013 performance year was signed by the accountable officer, and submitted to the Board by April 30, 2014.
Upon review of the Annual Report, the Board noted that the report references some internal and external reviews conducted on the management system. The Annual Report also includes a section that describes the actions taken that year to address deficiencies. However, Enbridge’s Annual Report does not specify the deficiencies and action items, and does not focus on the development and status of the management system. While it is important to communicate this information to the accountable officer, it is not fully representative of the Board’s quality assurance program requirement (see sub-element 4.3). Thus, it is unclear whether the accountable officer is aware of the actions taken that year to address deficiencies identified by the quality assurance program. The Board noted that several corrective actions for Enbridge’s Safety Management program internal reviews remain open a number of years after their scheduled completion dates. Board also noted that the deficiencies identified in sub-elements 1.2 and 2.3 will need to be addressed in future annual reports.
Management Responsibility
Further to the review of these processes and activities, the Board notes that Enbridge has not conducted audits consistent with its OPR obligations. The Board views the responsibility for undertaking these audits as resting with the company’s senior management (as represented by its Accountable Officer) as the annual report developed as per OPR specifically requires review and reporting on aspects of the Quality Assurance Program (specifically including audits) and the performance of the management system in meeting its obligations under OPR section 6. Additionally, the Board has made Non-Compliant findings related Sub-elements 1.2 Policy and Commitment Statements and 2.3 Goals, Objectives and Targets that relate to the development of explicit policies and goals required by the OPR. While the Board’s Non-Compliant findings are mitigated by the nature of the deficiencies (implicit inclusion vs. explicit requirements), it is the responsibility of company management to ensure the development and implementation of compliant policies and goals that guide the company’s management system and programs.
Summary
The Board found that Enbridge had developed processes for and undertaken activities relating to its Management Review responsibilities.
The Board also found that Enbridge’s processes did not meet all of the requirements outlined in the OPR.
The Board also found that some of the Non-Compliant findings in this audit are related to sub-elements where Enbridge’s Senior Management has responsibilities to ensure that management direction, oversight and formal monitoring are occurring.
Based on the Board’s evaluation of Enbridge’s management system and Safety Management program against the requirements, the Board has determined that Enbridge is Non-Compliant with this sub-element. Enbridge will have to develop corrective actions to address the described deficiencies.
Compliance Status: Non-Compliant
- Date modified: