Post on 06-Jan-2018
description
1
3rd Party Certification Process Overview
Presented to: Houston STEPS
Representing COS: Dr. Jeff Ostmeyer, CPEA EHS Advisor – Center for Offshore Safety Anadarko Petroleum Corporation June 19, 2012
2
COS Mission Statement
Our Mission...Promote the highest level of safety for offshore drilling, completions, & operations by effective leadership, communication, teamwork, utilization of disciplined safety management systems & independent third-party auditing & certification.Our Objectives…• Enhancing and continuously improving industry's safety and environmental performance,• Ensuring public confidence and trust in the oil and gas industry,• Increasing public awareness of industry's safety and environmental performance,• Stimulating cooperation within industry to share good practices and learn from each other, and• Providing a platform for collaboration between industry, the government, and other stakeholders.
06/15/12
3
COS Operating Basis
The Center for Offshore Safety will be responsible for:
• Providing expert assistance to member companies,
• Assuring that third party certification program auditors meet the program’s goals, and that the program is complementary with government regulations,
• Compiling and analyzing key industry metrics,
• Coordinating Center sponsored functions designed to facilitate the sharing and learning process,
• Identifying and promoting opportunities for industry to continuously improve,
• Interfacing with Industry leaders to assure leadership and system deficiencies are recognized and addressed promptly, and
• Communicating with government and external stakeholders.
06/15/12
4
• One-stop central source for:- Information & knowledge- Audit accreditation- Program certification- Tools and technical
assistance
• Promote an industry culture of incident-free operations
- Process safety in addition to personal safety- Emphasis on behavior- No harm to people, no harm to environment
• Elevate the industry’s quality and safety standards
- Create and share good practices- Continuous improvement
COS Vision and Path Forward
06/15/12
5
Key Objectives - COS 3rd Party Certification
COS accredited 3rd party audits satisfy BSEE’s requirements for audits.
COS’s auditing process provides members with a higher level of confidence on managing risk and identifying specific opportunities for improving performance on their facilities.
Member specific data is treated private and confidential.
The auditing process results in learnings and good practices being shared with the COS which then shares with industry leading to improved industry performance.
COS incurs no liability as a result of the audit process.
Government regulators embrace COS accredited 3rd party audits as an effective means of complying with the regulations and improving industry performance.
- DRAFT - Work in Progress
06/15/12
6
Current SEMS Requirements
COSMember
Auditor(s)*GovtRegulators Retains auditing
services
Informs Audits
* May be either internal or external
- DRAFT - Work in Progress06/15/12
7
COSMember
Auditor(s)*GovtRegulators Retains auditing
services
Informs Audits
*Must be external
- DRAFT - Work in Progress
SEMS II (As Proposed)
Informs
Approvesqualifications
06/15/12
8
COS Planned Approach
COS ASPs*
COSMember
Auditor(s)GovtRegulators
Accredits
Manages and provides oversight
Retains auditing services
Informs
Audits
Provides perspective
*Audit Service Providers
Start
InformsIssues SEMScertificates
- DRAFT - Work in Progress02/16/12
9
COS Member (Operator, Drilling Company, Service Company, and/or Supplier)
1. Determines need for SEMS audit to comply with government regulations and/or COS requirements,
2. Retains services of a COS accredited Audit Service Provider (ASP) to perform SEMS audits,
3. Takes responsibility for notifying government regulatory agencies as required by regulations,
4. Agrees to share SEMS audit data with the COS, via a standardized format, for purposes of determining industry trends, and
5. Takes responsibility for notifying government regulatory agencies of SEMS audit results.
Basic Requirements
Center for Offshore Safety (COS)
1. Establishes standards for 3rd party Audit Service Providers (ASPs), auditors, and SEMS audit protocol and certifications,
2. Works with COS members to understand industry audit requirements to assure sufficient numbers of COS accredited 3rd party auditors for COS members,
3. Accredits ASPs; periodically validates ASPs' and Auditors' performance, and effectiveness of COS audit protocol,
4. Compiles industry data and shares w/industry via COS reports and sponsored forums, and
5. Agrees to maintains confidentiality of COS Member specific data.
- DRAFT - Work in Progress
06/15/12
10
Auditor 1. Maintains qualifications and competency consistent with expectations of ASP expectations and requirements, COS standards, and government regulations,
2. Performs SEMS audit services solely in behalf of ASP; utilizes COS auditing protocols and standardized reports,
3. Complies with all government regulations and COS member safety requirements,
4. Agrees to maintain confidentiality of audit findings, and5. Agrees to allow ASP and/or COS to periodically assess auditor
qualifications, competency, and performance..
Audit Service Provider (ASP)
1. Retains the service of professional (e.g., qualified, competent, and certified) auditors and subject mater experts to provide SEMS auditing services for COS members,
2. Provides oversight to SEMS auditors to assure compliance with COS standards and SEMS auditing protocol,
3. Performs audit services in behalf of COS member; works with COS member to determine both scope, duration, and logistics of SEMS audit; agrees to maintain confidentiality of audit findings,
4. Issues SEMS certificate(s) at closeout of audit, and agrees to provide COS with standard report at closeout of audit, 5. Agrees to allow COS to periodically assess ASP and auditor performance.
Basic Requirements
- DRAFT - Work in Progress
06/15/12
11
COS Suggested Strategic Approach to ManagingRisk Through 3rd Party Audits and Certification
- DRAFT - Work in Progress
Key Considerations
1) All offshore facilities do not represent the same inherent risk:
- Deepwater Risk > OCS Risk
- Drilling Risk > Operating Risk
- New Operations Risk > Mature Operations Risk
2) The level of audit should match the level of risk:
- Lower and moderate relative risk warrant 2 levels of audit control
- Higher relative risk warrant 3 levels of audit control
3)Staging of audits should reflect risk; higher relative risk first
4)If resources are potentially limited then a process should be in place to assure those resources are focused on higher relative risk first
06/15/12- DRAFT -
Work in Progress
12
COS Suggested Strategic Approach to ManagingRisk Through 3rd Party Audits and Certification
- DRAFT - Work in Progress
Training Requirements for Auditors
(COS – 2 – 01)
Audit Team Requirements(COS – 2 – 02)
Audit Service Provider
Oversight(COS – 2 – 03)
Accreditation Organization
Oversight(COS)
(COS – 2 – 04)
Incr
easi
ng L
evel
s of
Con
trol
1st Layer of Control
2nd Layer of Control
3rd Layer of Control
+
Deepwater(+1000 ft)
06/15/12- DRAFT -
Work in Progress
13
COS Suggested Strategic Approach to ManagingRisk Through 3rd Party Audits and Certification
- DRAFT - Work in Progress
06/15/12
Training Requirements for Auditors
(COS – 2 – 01)
Audit Team Requirements(COS – 2 – 02)
Audit Service Provider
Oversight(COS – 2 – 03)
Accreditation Organization
Oversight(COS)
(COS – 2 – 04)
Increasing Risk
Incr
easi
ng L
evel
s of
Con
trol
1st Layer of Control
2nd Layer of Control
3rd Layer of Control
+
Lower RelativeRisk
(i.e., Mature Facilities on OCS)
Moderate RelativeRisk
(i.e., Drilling on OCS)
Higher RelativeRisk
(i.e., Deepwater Drilling and Operations)
OCS
Deepwater(+1000 ft)
+
+
Requirements Addressed within Current SEMS Proposal
- DRAFT - Work in Progress
14
Lead Auditor
COS Link to Competency Assurance
COS Audit Service Provider
Auditor(s)
Accredits and periodically
audits processes and joint
competencies
- DRAFT - Work in Progress
May periodicallyevaluate individual
competency May periodicallyevaluate individual
competencyCertified Training Provider
Accredits and periodically
audits training program
06/15/12
15
COS/ASP/COS Member Company Relationships
- DRAFT - Work in Progress
COS MemberCompany
Audit Service Provider (ASP)
COS• Membership Agreement
- Ready for endorsement by COS Board- References COS publications
• Contract between ASP and COS Member Company
- Suggested language for contract referenced in contract between COS and ASP
• Contract between ASP and COS- Under development by API - Stipulates using COS language in contract between ASP and COS Member Company- References COS publications
Certification Process•Audit protocol•ASP qualifications•Auditor qualifications•Standard audit report
06/15/12
16
COS Member/Contractor/ASP Relationships
COS Accredited
ASP
COSMemberContractor*
COS Accredited
ASP
Recognizes COS certificatesIssued by other COS
accredited ASPs and avoids duplication of auditing
Resolves potential SEMS conflicts via bridging document
Retains auditing services
Issues SEMScertificates
Issues SEMScertificates
Retains auditing services
*Generic term for drilling company, service/supply company, construction company
- DRAFT - Work in Progress
06/15/12
17
COS Certification – How it Works
- DRAFT - Work in Progress
Step 1 – Establishing Audit Service Providers
-An ASP (as an independent entity with no ties to the COS) implements a business model for creating and managing an audit team to provide 3rd party auditing services to industry. Audit team must be qualified and trained consistent with COS publications.
-An ASP approaches COS/API for COS accreditation.
-The ASP pays for the accreditation process and agrees to periodic oversight by COS.
-The COS/API accredits Audit Service Provider(s (ASPs) and adds the ASP to the COS published list of accredited ASPs.
05/23/12
18
COS Certification – How it Works
- DRAFT - Work in Progress
Step 2 – Linking Audit Service Providers with COS Members
-A COS Member establishes a need for a 3rd party audit and utilizes the COS website to identify/validate potential audit service providers (ASP).
-The COS Member selects an ASP and enters into a business agreement with the ASP to provide a 3rd party audit; the COS Member and ASP business contract includes language endorsed by the COS.
-The ASP and COS Member agree to an “audit plan” consistent with COS protocols and publications.
-The ASP provides the COS a courtesy notice such that the COS, at COS’ discretion, may provide oversight consistent with the accreditation process.
06/15/12
19
COS Certification – How it Works
- DRAFT - Work in Progress
Step 3 – Performing the Audit and Closeout
-The ASP performs a SEMS audit consistent with COS protocol.
-The ASP, through the use of COS standard report, provides the COS Member Company a report that identifies SEMS gaps, and identifies which gaps must be closed out to “certify”.
-The COS Member creates a gap(s) closure plan for review with the ASP. The ASP and COS Member agree to timing for gap(s) closure and which gaps closures must be validated by ASP.
-The ASP also creates a recommendation on “good practices” that the COS Member may consider sharing with the COS.
06/15/12
20
COS Certification – How it Works
- DRAFT - Work in Progress
Step 4 – Issuing Certificates
-Upon closeout of audit gaps, the ASP issues the standard COS report to the COS, and
-The ASP issues a dated COS Certificate.
Step 5 – COS Member Company Follow-Up
-The COS Member Company, at their own discretion, shares “better practices” with the COS (or allows the ASP to do so in their behalf).
-The COS Member Company, consistent with COS Membership Agreement, maintains their SEMS program, and seeks out recertification within 3yr period.
06/15/12
21
Assuring Team Competency
Do individual team members meet requirements established in Section x.x (see slide # 22 for summary)
Does Team Lead meet requirements established in Section x.x (see slide # 24 for summary)
Does whole audit team meet requirements established in Section x.x (see slide #26 for summary)
Audit may proceed
Select different individuals and revalidate competency against Section x.x
Select different Team Lead and revalidate competency against Section x.x
Add additional and/or select different team members and revalidate competency against Section x.x
Yes
Yes
Yes
No
No
No
Start
- DRAFT - Work in Progress
06/15/12
22
Audit Team Member Competency COS-1-03
Audit Team members shall meet the following minimum qualification requirements:-Two (2) yrs. offshore oil and gas (or related industry) experience,-Evaluated by either the Audit Service Provider (ASP) through the ASPs documented process or by a recognized auditor Certification Body (i.e., BEAC)-Completed a 24 hour training program that meets the applicable requirements outlined in COS-1-04, and includes three (3) hours of examination and/or skills evaluation.
Technical competency of the audit team may be supplemented by use of Technical Experts with the following qualifications:-Bachelor’s degree or equivalent work experience, -Five (5) years experience in oil and gas (or related industry), and-Five (5) years experience specifically in the area of their expertise.
If a Technical Expert is designated as an audit team member, then that Technical Expert must meet the expected requirements for audit team members.
- DRAFT - Work in Progress06/15/12
23
Auditor(s)
- DRAFT - Work in Progress
Audit Service Provider
Checks certification, training, and qualification
as SEMS auditor
Quality Assurance for Auditor Designation
Certified Training Provider
Provides COS endorsed SEMS auditor training and evaluation
Note: An Audit Service Provider may also be a certified training provider.
06/15/12
24
Audit Team Lead Competency
- Been certified by an auditor Certification Body (i.e., BEAC, RAB-QSA, IRCA, etc.) as a management system auditor,
- Participated in at least three (3) audits in the past three years, - Participated full time in at least one (1) audit as either a lead auditor or a
lead-auditor-in-training,- A minimum five (5) yrs. offshore oil and gas (or related) experience within
the last 8 years,- Completed an additional eight (8) hrs. lead auditor training class that
includes one (1) hour on professional ethics, and one (1) hour of examination and/or skills evaluation.
In addition to meeting the qualifications outlined for an audit team member, lead auditors will have:
- DRAFT - Work in Progress06/15/12
25
Lead Auditor
- DRAFT - Work in Progress
Audit Service Provider Checks
certification, training, and qualification
as managementsystem lead
auditor
Quality Assurance for Lead Auditor Designation
Certified Training Provider
*BEAC, RAB-QSA, IRCA, etc.
AuditorCertification
Bodies*
Issues certification
as managementsystem auditor
Provides COS endorsed SEMS
lead auditor training and evaluation
Note: An Audit Service Provider may also be a certified training provider.
06/15/12
26
Audit Team Collective Competency
Audit teams must have a joint competency that reflects:-Five (5) yrs. experience in development and implementation of HSE management systems,-Five (5) yrs. experience with MOC, HRAs, offshore procedures, process safety, and mechanical integrity,-Two (2) yrs. experience with interpretation and application of 30 CFR Part 250/RP 75,-Specific knowledge and understanding of COS RP75 SEMS audit protocols, and-Specific knowledge and experience related to operation of the facility.
Collective competency may be achieved by either a single individual or the combined competency of multiple individuals.
For full scale SEMS program certification, audit teams must have as a minimum of one (1) Audit Team Leader that meets the audit team lead qualifications plus two (2) additional auditors that meet the audit team member qualifications.
Validation of individual facility compliance with a company’s SEMS program will be performed as agreed to between the ASP and the company.
- DRAFT - Work in Progress
06/15/12
27
Additional Key Points1. The ASP is responsible for selecting, qualifying, and appointing audit team
members and, if necessary, technical experts to assure audit team competence leads to a high quality audit.
2. The audit team, as a whole, must either have the required collective competency to assess the technical challenges of the facility being audited, or must supplement the audit team with qualified technical experts.
3. Specific roles and responsibilities of the audit team members must be documented and cross checked.
4. ASPs must have a documented process in place for periodically evaluating the performance of both audit team leaders and audit team members.
5. ASP’s are responsible for assuring audit team leaders are maintaining competency.
6. In addition to the training outlined in COS-1-01, each member of the audit team must have safety related training (i.e., HUET, TWIC, etc.) required by the offshore facilities being visited.
7. The COS reserves the right to periodically, at COS’s discretion, audit ASP processes and auditor(s) competency.
- DRAFT - Work in Progress06/15/12
28
Lead Auditor*
Audit Service Provider
Auditor(s)
- DRAFT - Work in Progress
Periodicallyevaluates
ASPCompetency
Evaluator
Assigns
Evaluatesreal time
Provides oversight and leadership
Periodicallyevaluates
ASPs Link to Competency Assurance
* Lead Auditors must also have a certification as a management system auditor issued by an internationally recognized auditor certification body (ACB) such as BEAC, RAB-QSA, IRCA, etc.
06/15/12
29
Lead Auditor*
Training Providers Link to Competency Assurance
- DRAFT - Work in Progress
Certified Training Provider
ASPCompetency
Evaluator
Trains, evaluates, and issues certification
as COS SEMS lead auditor
* Lead Auditors must also have a certification as a management system auditor issued by an internationally recognized auditor certification body (ACB) such as BEAC, RAB-QSA, IRCA, etc.
Trains, evaluates, and issues
certification as COS SEMS lead
auditorAuditor(s)
Trains, evaluates, and issues
certification as COS SEMS auditor
06/15/12
30
SEMS Audit Reporting Timeline
- DRAFT - Work in Progress
SEMS audit Initiated by
COS Member
COS Member contracts
with ASP to perform
SEMS audit
COS provided a courtesy
notification
Audit Starts
Auditing Complete – Formal audit
close-out meeting
between ASP and COS Member
Draft Audit report provided
to COS member by
ASP
ASP Audit
Plan to COS
Member
As Agreed to by member and
ASP6 Months Maximum
3 years
30 Days 30 Days
Minimum 30 Days
COS Member decides that
audit will meet BSEE
requirements
COS Member provides
audit plan to BSEE
ASP issues COS Standard Audit Report to COS
Member
Report identifies NCs (does not
include corrective action plans)
BSEE Audit Complete
COS Member completes report with corrective action plans
to address NC’s identified in the COS
Standard Audit Report issued by ASP
Corrective action plans include timing
and responsible parties
If audit to fulfill BSEE requirement – ASP to
submit the COS Standard Audit report
to BSEE, and COS member to provide
COS Standard Audit Report to BSEE with
corrective action plans included
ASP accepts and verifies corrective actions; all NCs must be closed out for ASP to
certify
ASP provides completed COS Standard Audit
Report with corrective action
plans to COS
Good practices shared with COS,
if approved by COS member
ASP issues a dated COS SEMS
Certificate
Audit Closed
COS Member Company maintains
their SEMS program
COS Member Company starts next
COS certification
audit within 3 year period
COS Member implements
corrective action plan
As Agreed to by member and ASP
COS member consults with ASP on a verification process.
06/15/12
3106/15/12
COS Standard SEMS Report
- DRAFT - Work in Progress
32
COS Standard SEMS Audit ReportStakeholders - Needs
To ensure the needs of all stakeholders are met, we need to identify the stakeholders and understand their needs.
A single report that meets all common stakeholder needs will benefit everyone.
06/15/12 - DRAFT - Work in Progress
33
COS Standard SEMS Audit ReportStakeholders
1. Operator / Auditee
2. BSEE
3. COS
4. Industry (General Sense)
5. Industry (Senior Executives)
6. Public & NGO06/15/12 - DRAFT -
Work in Progress
34
COS Standard SEMS Audit ReportStakeholders – Needs - Operator/Auditee
1. Provide a standard report format with enough detail to identify appropriate corrective actiona. Adequacy of system vs failure to execute
2. Meet reporting needs to satisfy BSEE compliance requirements (directly transferable)a. Timely b. Minimize delays
3. Meet reporting needs to COS (directly transferable)a. Must add value
4. Avoid Failurea. Objectivity rather than Subjectivity b. Unacceptable delays in meeting regulatory timing
requirementsc. Provide enough detail to take action, without
getting into excessive non-value added information
06/15/12 - DRAFT - Work in Progress
35
COS Standard SEMS Audit ReportStakeholders – Needs - Industry (General Sense)
Indirectly from COS1. Timely access to data2. General understanding
a. What’s working (complying)b. What’s not working (noncomplying)c. Potential effective practices
06/15/12 - DRAFT - Work in Progress
36
COS Standard SEMS Audit ReportStakeholders – Needs - Industry (Senior Executives)
Indirectly from COS1. Level of confidence on actual progress2. Understanding of industry exposure3. Limit individual company liability4. Potential effective practices
06/15/12 - DRAFT - Work in Progress
37
Standard COS SEMS Audit Report Includes: - all consistent needs
Excludes: - non-consistent needs
06/15/12 - DRAFT - Work in Progress
38
COS Audit Report
Utilization of report findings
06/15/12 - DRAFT - Work in Progress
39
Audit Report• Cover Pages
– Who, What, When, Where, and How
• Results– Section for each of the 13 SEMS Elements– Nonconformances
SEMSElement
SEMSAudit
Question
RegulatoryRequirement
Nonconformance
Objective Statement of
NonconformanceCorrective Action Plan
Responsible Person and
TitleDue Date
Date Closed
1 1 Text from Protocol Objective statement
1 2 Text from Protocol Objective statement
1 3 Text from Protocol Objective statement
1 4 Text from Protocol Objective statement
06/15/12 - DRAFT - Work in Progress
40
SEMS Elements Analysis – Raw Data - % Conformance by Element
% Compliance
Ele
men
t
06/15/12 - DRAFT - Work in Progress
41
SEMS Elements Analysis – Raw Data - % Conformance by Question in Element
Element 7
% Compliance
Que
stio
n
06/15/12 - DRAFT - Work in Progress
42
SEMS ElementsAnalysis – Ranked Data
Element Rank by # of NC # of NC
# of Identified Good Practices
3 Highest 2
12 0
8 3
… …
4 Lowest 6
06/15/12 - DRAFT - Work in Progress
43
SEMS ESEMS Evaluation & actionlements - Results Analysis
– Ranked by Company Compliance (blind)
% C
ompl
ianc
e
Company
06/15/12 - DRAFT - Work in Progress
44
SEMS Evaluation & action
• Develop and implement blind voluntary system for COS Members to share effective practices, by SEMS Element, with other COS Members
– Members with an effective SEMS element can provide effective practices• Members can view effective practices provided by other members• May have a COS review panel to evaluate provided effective practices
– COS review panel could include ASP– COS review panel may include BSEE?
• COS develops list of Subject Matter Experts (SME) by SEMS Element– Members contact COS SME for assistance
06/15/12 - DRAFT - Work in Progress
45
SEMS Elements - Results Analysis – Ranked by Question Compliance within Element
% C
ompl
ianc
e
Question
06/15/12 - DRAFT - Work in Progress
46
SEMS Elements - Results Analysis – Ranked by questions with lowest Compliance
% C
ompl
ianc
e
Question
06/15/12 - DRAFT - Work in Progress
47
SEMS Evaluation & action
• Critical review of findings and corrective actions for questions with greatest incidence of noncompliance.– Risk rank questions
• Focus on higher risk issues first– Identify commonalities and trends
» Perform broad root cause analyses as appropriate» Identify and seek good practices » Identify potential corrective actions » Share learnings
06/15/12 - DRAFT - Work in Progress
48
Questions?
06/15/12
Measuring Success
- DRAFT - Work in Progress
49
Questions?
06/15/12