Safety and Risk Based Life Cycle - Internal Audit

It was identified that: the public is formally engaged and considered during application related processes; company personnel and the public are engaged and considered during construction and operations oversight activities; company personnel and the public are formally engaged during incident management activities; and companies and the public are formally consulted, communicated with and considered during regulatory development and review processes.

It was noted that the rules of natural justice are rigorously applied and that the NEB and its staff have internalized these requirements as normal operating practice.

The audit identified numerous examples of the NEB fulfilling this requirement in regard to safety oversight. Examples include: the Risk Based Life-Cycle Program;

Continued integration of goal oriented regulation principles and activities; and development and implementation of Pre-Construction Evaluation (audit) Process.

The audit identified that: Goal 1 requirements are considered and managed across NEB activities;

Goal 1 objectives are measured (as designed) and monitored on a regular and routine basis and safety performance trends are noted and considered on an on-going basis; and senior management, and the Board Chair and Members are active in setting, managing and monitoring Goal 1.

The only issue noted during the audit related to management of the requirements surrounding the perception of safety and security. The audit was unable to identify how perception of safe and secure is measured, monitored and managed.

It is recommended that the NEB evaluate and implement performance measures for measuring and monitoring the Goal 1 requirements surrounding the perception of safety and security.

During the audit, OPS BU records were reviewed for 08-09 planned audit activities. In all cases the safety audits were meeting identified service standard.

It was noted that a process to track, monitor and manage annual audit activity commitments is in place and utilized as designed.

Management Regime based on:

• Leadership and values

The audit identified that with only a few exceptions, the NEB as a whole exhibits adherence to these commitments.

There was one significant issue related to leadership identified, the technical leadership of the safety program. Interviews indicated that responsibility for technical leadership for safety lies with Professional Leader of Engineering. The audit, however, was not able to identify the formal assignment of these responsibilities either in the incumbent's job description nor is it explicitly managed through the results process (as per interviews). Interviews with Professional Leader indicate that, although the incumbent considers it to be part of the position expectations, the formal safety role for the position is limited to Chief Safety Officer under COGOA. The only explicit identification of this role was found in FAQs for advertised position(s) of OPS Technical Program Mangers.

Interviews with a cross section of staff comprising all levels indicate that the leadership role is not well defined or communicated. Some staff were unaware that there was any formal technical leadership. Many staff interviewed identified that they believed that safety management had significantly different knowledge requirements from engineering, with many interviewees indicating that, although the incumbent is very knowledgeable and interested in safety, they did not believe that one person could occupy both roles adequately. Consensus amongst all staff occupying frontline safety positions was that this was a role required within the NEB and that it required better definition surrounding the requirements and expectations of the position. As well, many of the safety staff identified the need to separate the leadership of the two technical areas. Given the increased focus and commitment to safety by the NEB as well as the demonstrated knowledge requirements of both the engineering and safety communities the audit results are in agreement with staff that there appears to be a need to have a separate safety leader role.

t is recommended that the NEB create a separate safety leadership position with formally assigned and managed safety responsibilities.

Management Regime based on:

• Well defined standards

Management Regime based on:

• Sound risk management

Management Regime based on:

• Right systems in place….to ensure effective control

This section suggests that, in relation to safety, the NEB should be appropriately evaluating regulated companies' safety management programs and activities during construction, operation and emergency activities.

The audit identified that staff generally considers safety to be evaluated and managed at the operational level and therefore safety concerns are generally not evaluated during the applications process unless significant or new concerns are identified in the project scoping process. This was viewed as appropriate by the auditors given the standardization of industrial safety management practices.

The audit noted that the NEB has developed standardized processes for evaluating company activities. Generally they relate to systems audits for evaluating the adequacy of company management programs and facility or activity inspections. The audit identified areas where procedures were required based on the overall stated NEB commitments and practices and reviewed them for development, adequacy and implementation as per plans or perceived need.

The results of the audit of the specific safety program areas follow.

Construction Safety -

• Inspection procedure developed, performance based scorecard developed and implemented, activities planned and undertaken utilizing risk concepts.
• Pre-construction Audit procedure under development, safety protocol developed - gap analysis undertaken, finalization required, and performance based scorecard development required, activities planned and undertaken utilizing risk concepts.

Operations Safety -

• Inspection procedure developed, performance based scorecard developed and implemented, activities planned and undertaken utilizing risk concepts. Review of 2008-09 CVP and records was unable to identify whether inspections under OPR have been planned or undertaken. Activities under PPR have been completed.

It is recommended that the NEB review it's OPS BU planning process to validate its planning procedure and risk prioritization outcomes and especially its operationally based requirements.

• Audit procedure developed, safety protocol developed, performance based scorecard developed and implemented, activities planned and undertaken utilizing risk concepts.

Emergency Management Activities

• Emergency Plan monitoring and review procedure developed, Emergency Plan review protocol developed, performance based scorecard developed and implemented, activities planned and undertaken utilizing risk concepts.
• Emergency Management exercise monitoring and review procedure developed, Emergency Management exercise review protocol developed, performance based scorecard developed and implemented, activities planned and undertaken utilizing risk concepts.
• Emergency Management Program Audit procedure developed, current Emergency Program protocol not developed, performance based scorecard not developed and implemented. Review of 2008-09 and 2007-08 CVPs and records were unable to identify any emergency management program audits planned or undertaken.

It is recommended that an appropriate emergency management audit program, processes and protocols be developed to ensure consistency and conformance with other NEB initiatives. This recommendation is repeated below

As part of its safety program, the NEB reviews all incident reports and investigates those that warrant it. As such, a program to manage the NEB's responsibilities is required.

Interviews with staff and record review indicate that the NEB has an incident management process. The auditor was able to see records of past incident review and investigations as well as follow-up to the investigations.

The audit identified that a major review of the incident review process has been underway for a significant time now, Staff identified that the review process appears to be stalled and this has resulted in unfinished procedures and consequently it is staff's opinion that this has resulted in a deterioration of the quality and quantity of incidents reviewed.

It is recommended that the NEB ensure that incident management revision process be reviewed and appropriate action developed and implemented to ensure continued success of this program

From NEB Website:
Security
On 20 April 2005, the National Energy NEB (NEB) Act was amended to include "Security" within the NEB's mandate, providing the NEB with the clear statutory basis to regulate security of the energy infrastructure under its jurisdiction. The NEB's Security Management Program is intended to provide appropriate regulatory oversight during a project lifecycle to assure that regulated companies and operations are safeguarded against security related threats according to risk based security requirements and continuous security risk management. The ultimate outcome of the NEB's program is to assure that "regulated companies are implementing the appropriate measures to prevent and respond to the occurrence of malicious acts which result in, or have the potential to result in, safety related incidents, an impact in the continuity of energy supply or an adverse environmental impact."

As such, the NEB on May 24, 2006 released a Proposed Regulatory Change (PRC) 2006-01 outlining the proposed changes to the Onshore Pipeline Regulations, 1999 (OPR 99) and the Processing Plant Regulations (PPR) to address pipeline security management. The PRC 2006-01 outlines the NEB's expectation that companies should have a Pipeline Security Management Program which is systematic, comprehensive and proactive in managing security risks. It is also expected that the program will be appropriately integrated into a company's overall management system to provide for safe and secure practice in the design, construction, operation and maintenance of a pipeline system. These expectations and guidance were considered to be in effect as of 31 July 2006, and will remain in effect until the promulgation of the revised regulation(s).

Security management relates directly to the safety of the public and workers. Security therefore has been included in this audit as a safety management sub-set.

Review of the NEB's security management activities undertaken to date indicates that, given the timeframe from the introduction of the security requirements into the NEB Act, the NEB's security oversight program has been developed and implemented to a level at least as high as could be expected or perhaps even higher than could be expected.

The audit identified that NEB staff are acting as leaders in security management within the oil and gas community. NEB staff is acting as committee chair in the development of CSA Z246.1 Security Management for the Petroleum and Natural Gas Industry. This consensus standard is anticipated to be signed off for implementation in the fall of 2009. Interviews indicate this process is on track to meet this expectation. In addition, it was noted that NEB staff have assisted the CNSOPB and NRCAN in regard to the development of their regulatory processes by integrating staff into the NEB's activities when requested.

The audit identified that NEB staff integrate into the various national security organizations appropriately as per the various federal government initiatives and programs.

In regard to oversight of security within the NEB's direct mandate it was noted that, as an interim regulatory measure the NEB has developed and communicated a notice of proposed regulatory change (NOPRC) in regard to safety. It was identified that this process has been effective to date due to the cooperativeness of industry in implementing the proposed requirements. It was noted that future effectiveness of security management will depend on a timely revision of NEB's regulations to reflect the NOPRC. Updating and modernizing of the Board's regulations has been identified as an objective of the 2009-2012 Strategic Plan.

It is recommended that the NEB ensure that OPR and PPR revision processes be undertaken as required to ensure continued success of this program.

It was identified the NEB has developed and implemented a security inspection program for application to construction and operation of facilities. Review of this program indicates that it is consistent with the NEB's inspection processes and procedures and incorporates risk concepts appropriately.

Review of the NEB's security audit program indicates that it is not as well developed as other areas. Interviews with staff indicate that full development of an audit program consistent with other technical areas is contemplated; however, revision of the NEB's regulations is required in order to have a security management requirement to audit against.

As the regulation revision process timing from development to promulgation is unknown and could be lengthy, an interim security audit program consistent with its other technical program areas may need to be developed.

It is recommended that the NEB evaluate its need for developing an interim audit program in order to be consistent with its other technical program requirements.

It was identified that, in addition to evaluating and verifying program development and implementation, the NEB's security program must contain requirements and procedures for addressing security incidents when and should they arise. Staff identified that consideration has been given to this area; however, the challenge is to define the role of the NEB in relation to other agencies with responsibilities for responding to security incidents such as the RCMP, or other police agencies and the TSB. As well, staff members are evaluating the NEB's incident investigation management process for application to security incidents. It was identified that, although the formal development of this area is not complete, the NEB has responded to a security incident appropriately and is working cooperatively with other agencies to ensure an appropriate response in future. Staff members therefore have confidence that until this area is fully developed the NEB can respond appropriately.

It is recommended that the NEB continue to work toward developing and implementing an adequate security incident management process.

The audit identified that the NEB is involved in many activities in regard to maintaining its regulatory responsibilities with respect to the Pipeline Crossings Regulations.

It was identified that activities undertaken include:

• Participation in various forums, committees and public meetings to promote awareness amongst industry and the public in regard to safety and best practices around pipelines and related facilities;
• Inspections of rights-of-way to ensure appropriate control of activities which could impact the safety of the public;
• Development of an audit process for inclusion in the NEB's overall compliance audit processes;
• Review of and response to (where appropriate) violation reports and other correspondence related to the regulations; and
• Redevelopment of the Crossing Regulations into the Damage Prevention Regulations.

Based on staff interviews and record review it would appear that the above activities are being undertaken with various levels of success in meeting the NEB's needs.

It was identified that the high level of construction activity occurring in the Operations Business Unit has impacted on some of the crossings activity requirements. Through interviews with staff, it was identified that the level of activity related to rights-of-way inspections and promotional/awareness activities has fallen significantly in the last fiscal year. Staff members were of the opinion that the decline in crossings activities was related to the recent construction level (many crossing staff fulfil other technical roles within the OPS BU) and to the fact the annual work plan does not reflect operational (non-construction) or promotional requirements adequately. It was identified that this work, especially the promotional activities, was considered to be crucial because of the nature of crossings regulation.

It is recommended that the NEB review it's OPS BU planning process to validate its planning procedure and risk prioritization outcomes and especially as it relates crossings based requirements.

Review of activities surrounding the processing of violation reports identified that the service standard (90% response in 1 week) is being met at an acceptable rate. This was based on verbal information from staff.

The audit identified that, based on an internally identified need; the NEB has started development of a Crossings Regulation management system audit protocols for implementation in upcoming planned audits. The audit identified that the planned activities are consistent with the NEB's standard audit practices.

It is recommended that the Crossings Regulations audits be implemented as planned to ensure consistency with the NEB's regulatory practice.

Review of the development and promulgation process for the Damage Prevention Regulations indicated that, although the NEB has rejuvenated its activities, the process has been stalled for a significant length of time. It was identified that there is a risk to the NEB's credibility as a regulator given the significant consultation process undertaken to date.

It is recommended that the Damage Prevention Regulations development process be prioritized within the NEB's work planning processes.

Emergency Procedures Manual

32.(1) A company should develop, regularly review and update as required, an emergency procedures manual.

(2) A company should submit the emergency procedures manual and any updates that are made to it to the NEB.

33. A company should establish and maintain liaison with the agencies that may be involved in an emergency response on the pipeline and should consult with them in developing and updating the emergency procedures manual.

34. A company should take all reasonable steps to inform all persons who may be associated with an emergency response activity on the pipeline of the practices and procedures to be followed and make available to them the relevant information that is consistent with that which is specified in the emergency procedures manual.

Continuing Education Program

35. A company should develop a continuing education program for the police, fire departments, medical facilities, other appropriate organizations and agencies and the public residing adjacent to the pipeline to inform them of the location of the pipeline, potential emergency situations involving the pipeline and the safety procedures to be followed in the case of an emergency.

This section suggests that the NEB should be appropriately evaluating regulated companies' emergency management plans, programs and activities for application during construction and operation.

The audit noted that the NEB has developed standardized processes for evaluating company activities. Generally this relates to management systems audits for evaluating the adequacy of company management programs and facility or activity inspections. It was identified that the NEB has developed additional processes related to monitoring and reviewing company emergency plan manuals for submission and content. As well, it was noted that specific processes related to attending and reviewing the adequacy of emergency planning and coordination exercises have been developed and implemented. The results of the audit of these specific emergency management program areas follow.

Emergency Management Activities

• Emergency Plan monitoring and review procedure developed, Emergency Plan review protocol developed, performance based scorecard developed and implemented, activities planned and undertaken utilizing risk concepts.
• Emergency Management exercise monitoring and review procedure developed, Emergency Management exercise review protocol developed, performance based scorecard developed and implemented, activities planned and undertaken utilizing risk concepts.
• Emergency Management Program Audit procedure developed, current Emergency Program audit protocols have not been developed, performance based scorecard have not been developed and implemented. Review of 2008-09 and 2007-08 CVPs and records was unable to identify any emergency management program audits planned or undertaken. It was identified that this was conscious decision based on staff training and availability.

It is recommended that an appropriate emergency management audit program, process, protocols be developed to ensure consistency and conformance with other NEB initiatives.

This section suggests that, in relation to safety at the processing plants under its jurisdiction, the NEB should be appropriately evaluating regulated companies' safety management programs and activities during construction, operation and emergency activities.

The audit identified that the NEB's safety process and procedures developed for pipeline safety management are applied in the same manner for processing plants with changed technical content to reflect the processing activities.

The audit identified that the findings and issues related to processing plants correspond to those for pipeline regulation.

Electricity Regulations - 1997:
An application for a permit for the construction and operation of an international power line that exceeds an operating voltage of 50 kV should contain the following information, unless the NEB advises the applicant that the information is already in the possession of the NEB or that the information is not relevant to the application:

(w) a description of any safety and environmental standards, practices and procedures to be used in the design, construction and operation of the international power line, including the date of issue of any documents respecting those matters.

Review of records and interviews with staff that the NEB applies its standard safety programs and tools to electrical projects as they occur. The audit identified that the NEB had been undertaking its safety verification activities on recent projects including the investigation of security related incidents.

The audit could not identify that tools and staff training programs had been updated to reflect the specific requirements of constructing electrical facilities. However, it is unclear whether the frequency of project application and construction or whether there are significant safety management differences associated with these projects that would require modification to existing processes.

It is recommended that the NEB formally review and evaluate whether specific tools and training and competencies are required for implementation of appropriate oversight of its electrical regulation.

2.1 The purpose of this Act is to promote, in respect of the exploration for and exploitation of oil and gas,

(a) safety, particularly by encouraging persons exploring for and exploiting oil or gas to maintain a prudent regime for achieving safety;

Various Regulatory Sections relating to Safety, Accidents, Incidents and Reporting requirements relating to exploration and production activities

The audit noted that the NEB has developed standardized processes for evaluating safety during exploration and production activities. The audit identified that the safety management requirements and measurements under COGOA are moving toward the management system approach as per the rest of the NEB's processes. Generally this relates to systems audits for evaluating the adequacy of company management programs and facility or activity inspections. The audit identified COGOA specific areas where procedures were required based on the overall stated NEB commitments and practices and reviewed them for development, adequacy and implementation as per plans or perceived need. Generally these related to Operations activities, the findings are identified below.

Operations Activities (seismic, drilling, production) Safety -

• Inspection procedure developed, performance based scorecard developed and implemented, activities planned and undertaken utilizing appropriate risk concepts.

Interviews with staff members indicate that the NEB has been undertaking the compliance activities as required by the MOU. Staff members have been appropriately trained and accredited by HRSDC and have undertaken safety verification activities as required.

Interviews indicate that some required coordination activities have not been undertaken for the last number of years. The coordination of these meetings is the responsibility of HRSDC. It is anticipated that these issues will be mitigated by a resumption of the committees required under the MOU.

It is recommended that the NEB work to ensure that all of the HRSDC-NEB MOU requirements are met or re-evaluated and revised to ensure that the NEB is not or does not appear to delinquent in its MOU obligations.

The National Energy NEB (NEB) of Canada and the Oil & Gas Commission (OGC) of British Columbia (BC) (together, "the Parties") enter into this Memorandum of Understanding (MOU) to:

• enhance cooperation and coordination between the Parties for the purpose of improving pipeline safety within Canada and the province of British Columbia;
• outline a mutual aid agreement between the Parties whereby each agency may provide assistance to the other in respect of pipeline incident investigation and emergency response; and
• establish a protocol for coordinating training and technical liaison in areas of common interest between the Parties.

Interviews with staff indicate that, although the intent of the MOU is being met, all of the requirements are not being fully maintained due to the age of the document. Discussions with staff indicate that these issues are shared with ERCB staff counterparts.

It was identified that discussions regarding updating the document have been initiated by NEB staff with no progress noted to date. Regardless of the formal management of the MOU, staff identified that regular and appropriate interactions with the ERCB are occurring at the working level as a result of relationships developed to date.

It is recommended that the MOU be reviewed and revised to ensure continued suitability for both parties.

Legend

It was noted that the NEB has placed significant emphasis on identifying and managing its regulatory responsibilities in regard to safety. There is significant documentation outlining the federal government's commitments and the NEB's safety management commitments and priorities.

Review of the various planning and program documents indicates that the commitments are being appropriately communicated and integrated into all activities.

Review of corporate and individual annual planning and results documentation indicated that the NEB and its management are actively monitoring the programs and activities for assurance of implementation and success. Review of the strategic plan webpage on the NEB's intranet site indicated that this active management process extends from parliament to the NEB frontline staff.

Interviews with staff indicated the NEB's goals, objectives and commitments had been communicated appropriately.

The organization should be able to demonstrate an adequate, effective and ongoing process to identify the risks associated with the regulated industry, assess the degree of the risks and implement necessary measures to control those risks.

This process should be documented.

Review of the NEB's activities indicated that it has implemented a Risk Based Life Cycle (RBLC) Approach to regulation. This approach helps identity where the NEB should focus its compliance activities. Review of the NEB's RBLC activities identified that the NEB has placed increased focus on developing and implementing this initiative. The NEB has begun integrating the principles across all of its activities including streamlining its Applications BU processes.

Audit of the NEB's compliance verification plans and processes identified that risk based tools and strategies and have been developed and implemented for use in the planning of activities and for evaluating the results and follow-up to the verification activities. Interviews with frontline safety staff identified the there is a lack of understanding of the underlying principles used in development of the risk model. This appears to have led to scepticism amongst staff regarding the adequacy and the potential for success of the risk based safety compliance verification plan. This may create a risk to the NEB in that staff may not implement the plan as required or may communicate externally in regard to the NEB's perceived management abilities.

It is recommended that an internal communications strategy be developed for the NEB's risk-based planning methodologies.

It was identified that the NEB's risk processes have been documented where required.

The organization should have an adequate and effective documented procedure for the identification, incorporation and integration of legal and other requirements into its safety activities.

Les obligations juridiques et autres que doit remplir ou administrer l’Office sont bien définies et ont été intégrées aux programmes et procédures.

Il a été constaté que l’ONÉ fait état de ses obligations juridiques touchant la surveillance de la sécurité à différents endroits, notamment sur son site Web (bien en évidence).

Le tableau 1 décrit toutes ces obligations, les évalue et fait état des constatations.

The audit identified that safety objectives and targets have been developed for and implemented at all levels of the organization. Direction for these flow from Parliament and the Treasury Board through the NEB's Strategic Plans down to annual plans and technical programs. The audit identified that the Board, the Ex-team and others with management responsibilities review the targets and objects on a routine basis.

The organization should have an organizational structure that allows its management program to effectively and efficiently function.

The organization should have clear roles, responsibilities and authority descriptions for each of the safety functions in the organizational structure.

The audit reviewed the organizational structure for safety oversight as well as the roles and responsibilities associated with the various positions identified within the program(s). The audit identified that functionally there are two informal oversight frameworks at the NEB. These frameworks were identified as being integrated wherever appropriate.

The first of the two frameworks could be classified as administrational and is comprised of the NEB's general management practices. The audit identified that this structure is well defined and implemented and meets the requirements to manage and monitor the various activities.

The second and less formal framework could be classified as technical in nature. This structure has been implemented primarily in the OPS BU and is used to manage the technical components of the safety oversight program(s). It is called the Safety Compliance Program and is managed by the OPS BULT with input from the Safety Team Leader Champion, the Safety Compliance Program Manager and technical safety staff who comprise the Safety Compliance Working Group. The audit identified that the compliance program approach has not been successful in meeting expectations. It was identified that the expectations of the compliance programs have not been well defined and that the OPS BULT has not provided adequate support and direction. The audit identified that the working group meets only on a sporadic basis and participation has been low. The audit identified that the OPS BULT has recently undertaken a revamping of the compliance program concept and has developed new guidance and management processes. Some of the documentation has been approved and placed on the Process Dashboard. In addition, it was noted that the OPS BULT has begun communicating its commitment and expectations regarding the compliance programs. As well, the audit identified that the OPS BU is in the process of staffing the Program Manager position.

As the risks associated with failure to properly implement this technical structure are potentially significant and the OPS BULT was not able to demonstrate a track record for success for the past or new Safety Compliance Programs, it is recommended that the NEB implement its revamped program as designed and develop a specific monitoring and reporting plan for this initiative.

In regard to the development of roles and responsibilities documentation, the audit identified that the NEB has developed generic job descriptions for all job families. In regard to documentation related to specific technical job functions, the audit identified that it was developed in a less consistent manner. For example, it was identified that a formal document outlining generic roles and responsibilities has been developed in regard to the Safety Compliance Program Manager; however, there was not similar documentation developed around many of the other key technical safety management functions. As examples, the audit was unable to identify specific safety documentation for the Professional Leader of Engineering and Operations Team Leader Safety Champions. Of particular note is the ambiguity surrounding the roles and responsibilities of the junior engineering staff. Record review and interviews indicated that junior engineers have a substantial role in regard to evaluating company safety; however, there role is only loosely defined. This potentially impacts training plans and performance and therefore the quality of the NEB's oversight.

It is recommended that the NEB undertake an evaluation of all of the roles within its technical safety oversight structure and ensure that clear roles and responsibilities documentation is developed where appropriate.

The Audit identified that the NEB provides a significant amount of training to its safety staff and staff in general. The audit identified staff generally felt supported when making requests for training. It was identified that the NEB has developed generic training requirements for some of its safety program functions. Examples of generic training include auditor training and inspection officer training. Review of the safety training programs developed to date appears to be limited to internal processes and does not include specific technical learning requirements. Staff interviews identified that there is no standard generic training or competency requirements for all safety related positions or functions, e.g. investigators and investigation processes. This lack of formal requirements was identified to be especially of concern for staff hired into junior levels with expectations of progressing into higher, working level positions. The audit identified that staff in these positions identified that that there were no formal training plans or training framework and that they felt they had to be responsible for identifying their own training needs. During the audit, staff at all levels identified that, other then for inspection officer designation, they were unaware of any formal evaluation of competency requirements associated with the job functions. Further, the audit identified that there were no evaluations of continued competency following initial training for most job functions. The audit was unable to identify the existence of procedures or records for management reviewing the competency of staff in undertaking procedures or job functions. It is recommended that the NEB review its safety training program to ensure that it addresses the identified gaps.

It is recommended that the NEB review its safety training program to ensure that it addresses the identified gaps.

The audit identified that the NEB has well developed and implemented processes for document development, management and revision. The most significant of these is the Process Dashboard tool. Review of the Dashboard indicated that it is an appropriate tool for document control in that it requires formal assignment of document management responsibilities, allows for community review and identification of required changes, allows for version control and is accessible to all NEB staff. No findings were identified with this tool.

The audit identified that NEB has developed the required documentation surrounding the majority of its key safety oversight processes. The key oversight processes are: compliance screenings, compliance meetings, inspections, audits and information exchanges. Additionally there are requirements for the development of technical protocols which are associated with each of the processes and safety oriented technical areas. The safety areas which require specific protocol development are: safety (NEB Act and COGOA Act), crossings, emergency management and security. Review of the developed processes and protocols indicated that some required revision and some protocols required development. These included: revision of the management system audit procedure and templates; development of audit protocols for crossings, emergency management and security; and revision of incident management procedures and associated documentation.

It is recommended that the NEB revise or develop the documentation identified as deficient.

The organization should be able to establish and items 2 and 3 above).

The audit identified that the NEB has developed and implemented a significant framework of processes and procedures for addressing it safety oversight requirements. These could be classified into general or NEB wide management processes and those associated with the technical oversight of safety.

The audit noted that the NEB has implemented a wide range of controls for managing its general management practices which impact the safety oversight activities. These included its QMS, its Risk Based Life Cycle approach amongst others. The audit identified that they appear to working adequately. In reviewing its management processes only one process of note was identified as requiring action. This was the Compliance Verification Planning process. This process is used to identify, prioritize, plan and monitor the OPS BU annual work activities. The audit identified that it has not been formalized and put on the Process Dashboard to ensure consistent application. Interviews with staff identified that this has resulted in issues related consistency, accuracy and timeliness in the past. The audit identified that the OPS BU has begun the process of formalization of this process but has not completed it yet.

It is recommended that the NEB complete the formalization development and implementation of its Operations Compliance Verification Planning process.

With respect to its controls respecting technical oversight of safety, the audit noted that the NEB has implemented its QMS and Dashboard processes. These two controls are used to ensure consistent planning, utilization and development of the NEB's technically related processes and procedures. Review of the processes and procedures indicated that the NEB has developed formal and standardized processes related to: inspections, audits, incidents, security, crossings, external communication, training, etc. With the exception of the issues related to process development found elsewhere in this audit, the NEB appears is applying its Dashboard process as designed. In regard to the application of its QMS, it was noted that the NEB completed an audit if it QMS in 2007 and therefore no in-depth analysis of the QMS was completed in deference to this audit.

The organization should be able to demonstrate an adequate and effective process to monitor performance in regard to its responsibilities, program and activities.

These processes should be documented.

The audit identified the NEB's safety oversight required performance measuring and monitoring at three levels. These were: measuring and monitoring in relation to Goal 1; measuring and monitoring in relation to its annual plans; and measuring and monitoring of staff performance in regard to implementing the safety program.

The audit identified that NEB has developed and communicated safety oversight measures as part of its Strategic Plan development processes. These measures have been communicated externally on its website and in its annual reporting as well as internally through a number of methods such as staff forums, business unit planning documentation and on its intranet sites.

Review of the safety measures indicated that they were all lagging measures. As the NEB Strategic Plan 2008-2011 indicates "We promote safety", the measures for the program should include leading indicators. As well, Goal 1 indicated "NEB regulated facilities are safe and secure and are perceived to be so". The audit was not able to identify any measures related to the perception of safety and security

It is recommended that the NEB develop measures which include leading indicators as well as measures for perceptions of safety and security.

With respect to measuring and monitoring development and implementation of its annual plans, the audit identified that the NEB has developed and implemented appropriate processes. The program as developed included appropriate measures and schedules and involved staff and managers at appropriate frequencies. No issues were identified.

In regard to measuring and monitoring of staff performance relating to implementing the safety program, the audit identified that the NEB has implemented is Results process. This is a formal process for assigning and reviewing staff responsibilities. It includes requirements for formal assignment and recording of tasks and sets schedules for review. Review of this process identified two issues of note. The first is that it is not being implemented on a timely basis at the operational levels. The audit identified, although annual assignments and expectations are communicated verbally, results documents are often not completed until mid-way through the fiscal year. This was identified as having potentially affected training plans as well as the development of program components. Additionally the audit identified that this may impact the timely implementation of annual planned activities. Secondly, the audit identified that there are no requirements for managers to assess the competency of staff in regard to undertaking procedures. As noted in the Training and Competency section (item 6.0) above this was viewed as an issue.

It is recommended that the NEB develop and implement an appropriate management procedure to monitor staff performance as it relates to safety oversight plans and procedures.

It was identified that NEB has well established records and records management processes for application across the entire organization. This process is directed and controlled as part of the overall federal government records processes. These general record management processes have been included in past NEB internal audits and as such were not included in this audit.

The audit identified that the OPS BU has implemented additional internal record management systems for managing the working records of the BU. The main Operations record management system is called the Environment and Safety Information Management System (ESIMS) This system is used to manage the compliance verification activities and the records and data developed during the activities. The audit identified indicated that it is being implemented as designed. The audit identified that there is general consensus amongst staff that ESIMS has limitations to its ease of use and its abilities; however, the limitations appear to result in inconvenience issues rather than inadequacy. The audit therefore did not consider this to be a finding. In addition to ESIMS, the OPS BU has developed a database for controlling and organizing its incident data. This system is called the Pipeline Incident database or PID. Review of the system identified that it has been implemented to the same level as ESIMS above. PID revision is part of the overall review of the NEB's incident management program redevelopment and as such any recommendations relating to the redevelopment apply to PID as appropriate.

The organization should have an adequate, effective and documented process to audit the safety oversight program.

These audits should be conducted on a periodic basis, with their results presented to management so that overall safety oversight performance may be evaluated.

Senior Management should review the safety oversight programs and activities continuing suitability adequacy and effectiveness. The review should be based on adequate documentation review and should be documented.

The management review should include any decisions, actions and commitments related to improving the safety oversight.

The audit identified through interviews and record review that NEB senior management regularly reviews the safety program, plans and associated activities. These reviews are documented and outstanding or on-going issues are brought forward for follow-up.