Information Advisory CER IA 2020-001 – 2018-2019 Canada Energy Regulator Audit Program Lessons Learned: Management System Deficiencies
17 March 2020
Canadian Energy Pipeline Association
Canadian Association of Petroleum Producers
Provincial and Territorial Regulators
- Information Advisory CER IA 2020–03-02
2018-19 CER Operations Audits: Lessons Learned
Please find attached CER Information Advisory IA 2020-03-02.
The Canada Energy Regulator (CER) has issued the attached Information Advisory to provide clarity regarding its interpretation and expectations of focused management system audits in the areas of Integrity Management Programs and Quality Assurance Programs.
The CER expects that this Information Advisory will be given wide circulation to all relevant personnel within your organization.
If you have any questions regarding this Information Advisory please contact the Director of Audit, Enforcement and Investigation through our toll free number at 1-800-899-1265.
Original signed by
Acting Chief Executive Officer
CER IA 2020-03-02
17 March 2020
Information Advisory CER IA 2020-03-02
2018-2019 Canada Energy Regulator Audit Program Lessons Learned:
Management System Deficiencies
Basis for Issuance
The Canada Energy Regulator (CER) requires all companies to establish and implement an effective management system in order to proactively identify and analyze hazards and manage the associated risk to prevent harm to people and the environment. A well-designed and implemented management system, as described in the Onshore Pipeline Regulations (OPR), enables hazard management, learning and continual improvement throughout an organization. When coupled with a robust safety culture, it supports strong safety and environmental protection performance and outcomes.
As part of its ongoing oversight activities, the CER’s audit program recently evaluated two key areas related to effective management system functioning. The 2018-19 audit program focused on:
- Integrity Management (IM) Programs; and
- Quality Assurance (QA) Programs.
The management system deficiencies identified during these audit activities are shared in this Information Advisory in order to promote learning across all CER-regulated companies.
During the Integrity Management (IM) Program audits, the CER evaluated the adequacy of key management system components including hazard identification and analysis, risk evaluation and the development and implementation of controls. The audits were designed to verify that required management system processes were established and implemented at the IM Program level.
The objective of the QA Program audits was to verify that the selected companies each had established and implemented an internal QA program as part of their management systems. A QA program is an essential part of a functioning management system as it provides for ongoing monitoring and evaluation of performance.
Six companies were selected for these 2018-19 audits; they were chosen based on the CER oversight risk identification and prioritization model.
Management System Learning Areas
Upon review of the results of the 2018-19 audits, the CER identified several, common management system deficiencies that should be evaluated and addressed (as applicable) by all CER-regulated companies, as part of their continual improvement activities. The deficiencies included:
1. Inadequate documentation of management system processes. Companies are required to establish, implement and their management system processes within each OPR 55 program.
A management system process:
- describes the purpose, scope, objective, boundaries and specific results that the process is intended to achieve;
- describes the series of interacting actions or steps that take place in an established order;
- defines the roles, responsibilities and authorities of staff to ensure the process is appropriately applied;
- where required, references other relevant processes, procedures and work instructions; and
- describes how it is integrated with each OPR 55 program.
To meet the requirements for an established process, ensure the following are addressed:
- the documentation is developed in the company required format;
- the process is approved and endorsed for use by the appropriate level of management;
- the process is communicated, and training is provided throughout the organization; and
- the approved process has been documented for a minimum three (3) months.
A similar finding related to deficient management system processes was identified in the 2017-18 CER Audit Program review. It remains an area for industry-wide improvement.
2. Companies have not established a Quality Assurance (QA) program as part of their management system that applies to all programs. The CER audit results confirmed that in most cases companies are conducting inspections and audits of their facilities and activities. However, these activities are being completed in an ad hoc manner and are not being done systematically as part of a proactively established and documented QA program (OPR sections 6.5(1)(w), 55 (1) and 53(1)). A documented QA Program is an integral piece of the management system (the Check part of the Plan-Do-Check-Act Continual Improvement Cycle). The QA Program should detail how the company will direct, plan and manage the overall approach to quality assurance within the company and should:
- ensure all section 55 programs conform to the company’s management system QA program;
- routinely evaluate the adequacy and effectiveness of the management system and assure that the QA program and its processes are working as intended;
- drive compliance activities including section 53 and 55 program audits, along with inspections, assessments of management system conformance and regulatory compliance, at a specified frequency;
- verify that corrective and preventive actions are taken in a timely manner when deficiencies are identified;
- include retention of records of the related QA program monitoring and evaluation activities; and
- monitor and evaluate the QA program itself at a specified frequency to ensure that the program is achieving the intended results.
The CER will incorporate these learnings into future compliance and oversight planning activities.
- Date modified: