3 rd Party Certification Process Overview

1

3rd Party Certification Process Overview

Presented to:

Houston STEPS

Representing COS:

Dr. Jeff Ostmeyer, CPEA EHS Advisor – Center for Offshore Safety Anadarko Petroleum Corporation June 19, 2012

2

COS Mission Statement

Our Mission...

Promote the highest level of safety for offshore drilling, completions, & operations by effective leadership, communication, teamwork, utilization of disciplined safety management systems & independent third-party auditing & certification.

Our Objectives…

• Enhancing and continuously improving industry's safety and environmental performance,

• Ensuring public confidence and trust in the oil and gas industry,

• Increasing public awareness of industry's safety and environmental performance,

• Stimulating cooperation within industry to share good practices and learn from each other, and

• Providing a platform for collaboration between industry, the government, and other stakeholders.

06/15/12

3

COS Operating Basis

The Center for Offshore Safety will be responsible for:

• Providing expert assistance to member companies,

• Assuring that third party certification program auditors meet the program’s goals, and that the program is complementary with government regulations,

• Compiling and analyzing key industry metrics,

• Coordinating Center sponsored functions designed to facilitate the sharing and learning process,

• Identifying and promoting opportunities for industry to continuously improve,

• Interfacing with Industry leaders to assure leadership and system deficiencies are recognized and addressed promptly, and

• Communicating with government and external stakeholders.

06/15/12

4

• One-stop central source for:

- Information & knowledge

- Audit accreditation

- Program certification

- Tools and technical assistance

• Promote an industry culture of incident-free operations

- Process safety in addition to personal safety

- Emphasis on behavior

- No harm to people, no harm to environment

• Elevate the industry’s quality and safety standards

- Create and share good practices

- Continuous improvement

COS Vision and Path Forward

06/15/12

5

Key Objectives - COS 3rd Party Certification

COS accredited 3rd party audits satisfy BSEE’s requirements for audits.

COS’s auditing process provides members with a higher level of confidence on managing risk and identifying specific opportunities for improving performance on their facilities.

Member specific data is treated private and confidential.

The auditing process results in learnings and good practices being shared with the COS which then shares with industry leading to improved industry performance.

COS incurs no liability as a result of the audit process.

Government regulators embrace COS accredited 3rd party audits as an effective means of complying with the regulations and improving industry performance.

- DRAFT - Work in Progress

06/15/12

6

Current SEMS Requirements

COSMember

Auditor(s)*GovtRegulators Retains auditing

services

Informs Audits

* May be either internal or external


06/15/12

7

COSMember

Auditor(s)*GovtRegulators Retains auditing

services

Informs Audits

*Must be external


SEMS II (As Proposed)

Informs

Approvesqualifications

06/15/12

8

COS Planned Approach

COS ASPs*

COSMember

Auditor(s)GovtRegulators

Accredits

Manages and provides oversight

Retains auditing services

Informs

Audits

Provides perspective

*Audit Service Providers

Start

InformsIssues SEMScertificates


02/16/12

9

COS Member (Operator, Drilling Company, Service Company, and/or Supplier)

1. Determines need for SEMS audit to comply with government regulations and/or COS requirements,

2. Retains services of a COS accredited Audit Service Provider (ASP) to perform SEMS audits,

3. Takes responsibility for notifying government regulatory agencies as required by regulations,

4. Agrees to share SEMS audit data with the COS, via a standardized format, for purposes of determining industry trends, and

5. Takes responsibility for notifying government regulatory agencies of SEMS audit results.

Basic Requirements

Center for Offshore Safety (COS)

1. Establishes standards for 3rd party Audit Service Providers (ASPs), auditors, and SEMS audit protocol and certifications,

2. Works with COS members to understand industry audit requirements to assure sufficient numbers of COS accredited 3rd party auditors for COS members,

3. Accredits ASPs; periodically validates ASPs' and Auditors' performance, and effectiveness of COS audit protocol,

4. Compiles industry data and shares w/industry via COS reports and sponsored forums, and

5. Agrees to maintains confidentiality of COS Member specific data.


06/15/12

10

Auditor 1. Maintains qualifications and competency consistent with expectations of ASP expectations and requirements, COS standards, and government regulations,

2. Performs SEMS audit services solely in behalf of ASP; utilizes COS auditing protocols and standardized reports,

3. Complies with all government regulations and COS member safety requirements,

4. Agrees to maintain confidentiality of audit findings, and

5. Agrees to allow ASP and/or COS to periodically assess auditor

qualifications, competency, and performance..

Audit Service Provider (ASP)

1. Retains the service of professional (e.g., qualified, competent, and certified) auditors and subject mater experts to provide SEMS auditing services for COS members,

2. Provides oversight to SEMS auditors to assure compliance with COS standards and SEMS auditing protocol,

3. Performs audit services in behalf of COS member; works with COS member to determine both scope, duration, and logistics of SEMS audit; agrees to maintain confidentiality of audit findings,

4. Issues SEMS certificate(s) at closeout of audit, and agrees to provide COS with standard report at closeout of audit,

5. Agrees to allow COS to periodically assess ASP and auditor performance.

Basic Requirements


06/15/12

11

COS Suggested Strategic Approach to ManagingRisk Through 3rd Party Audits and Certification


Key Considerations

1) All offshore facilities do not represent the same inherent risk:

- Deepwater Risk > OCS Risk

- Drilling Risk > Operating Risk

- New Operations Risk > Mature Operations Risk

2) The level of audit should match the level of risk:

- Lower and moderate relative risk warrant 2 levels of audit control

- Higher relative risk warrant 3 levels of audit control

3)Staging of audits should reflect risk; higher relative risk first

4)If resources are potentially limited then a process should be in place to assure those resources are focused on higher relative risk first

06/15/12- DRAFT -

Work in Progress

12



Training Requirements for Auditors

(COS – 2 – 01)

Audit Team Requirements(COS – 2 – 02)

Audit Service Provider

Oversight(COS – 2 – 03)

Accreditation Organization

Oversight(COS)

(COS – 2 – 04)

Incr

easi

ng

Lev

els

of

Co

ntr

ol

1st Layer of Control

2nd Layer of Control

3rd Layer of Control

+

Deepwater(+1000 ft)

06/15/12- DRAFT -

Work in Progress

13



06/15/12

Training Requirements for Auditors

(COS – 2 – 01)

Audit Team Requirements(COS – 2 – 02)


Oversight(COS – 2 – 03)

Accreditation Organization

Oversight(COS)

(COS – 2 – 04)

Increasing Risk

Incr

easi

ng

Lev

els

of

Co

ntr

ol

1st Layer of Control

2nd Layer of Control

3rd Layer of Control

+

Lower RelativeRisk

(i.e., Mature Facilities on OCS)

Moderate RelativeRisk

(i.e., Drilling on OCS)

Higher RelativeRisk

(i.e., Deepwater Drilling and Operations)

OCS

Deepwater(+1000 ft)

+

+

Requirements Addressed within Current SEMS Proposal


14

Lead Auditor

COS Link to Competency Assurance

COSAudit

Service Provider

Auditor(s)

Accredits and periodically

audits processes and joint

competencies


May periodicallyevaluate individual

competency May periodicallyevaluate individual

competency

Certified Training Provider

Accredits and periodically

audits training program

06/15/12

15

COS/ASP/COS Member Company Relationships


COS MemberCompany

Audit Service Provider (ASP)

COS

• Membership Agreement- Ready for endorsement by COS Board

- References COS publications

• Contract between ASP and COS Member Company

- Suggested language for contract referenced in contract between COS and ASP

• Contract between ASP and COS- Under development by API

- Stipulates using COS language in contract between ASP and COS Member Company

- References COS publications

Certification Process•Audit protocol•ASP qualifications•Auditor qualifications•Standard audit report

06/15/12

16

COS Member/Contractor/ASP Relationships

COS Accredited

ASP

COSMember

Contractor*

COS Accredited

ASP

Recognizes COS certificatesIssued by other COS

accredited ASPs and avoids duplication of auditing

Resolves potential SEMS conflicts via bridging document


Issues SEMScertificates

Issues SEMScertificates


*Generic term for drilling company, service/supply company, construction company


06/15/12

17

COS Certification – How it Works


Step 1 – Establishing Audit Service Providers

-An ASP (as an independent entity with no ties to the COS) implements a business model for creating and managing an audit team to provide 3rd party auditing services to industry. Audit team must be qualified and trained consistent with COS publications.

-An ASP approaches COS/API for COS accreditation.

-The ASP pays for the accreditation process and agrees to periodic oversight by COS.

-The COS/API accredits Audit Service Provider(s (ASPs) and adds the ASP to the COS published list of accredited ASPs.

05/23/12

18



Step 2 – Linking Audit Service Providers with COS Members

-A COS Member establishes a need for a 3rd party audit and utilizes the COS website to identify/validate potential audit service providers (ASP).

-The COS Member selects an ASP and enters into a business agreement with the ASP to provide a 3rd party audit; the COS Member and ASP business contract includes language endorsed by the COS.

-The ASP and COS Member agree to an “audit plan” consistent with COS protocols and publications.

-The ASP provides the COS a courtesy notice such that the COS, at COS’ discretion, may provide oversight consistent with the accreditation process.

06/15/12

19



Step 3 – Performing the Audit and Closeout

-The ASP performs a SEMS audit consistent with COS protocol.

-The ASP, through the use of COS standard report, provides the COS Member Company a report that identifies SEMS gaps, and identifies which gaps must be closed out to “certify”.

-The COS Member creates a gap(s) closure plan for review with the ASP. The ASP and COS Member agree to timing for gap(s) closure and which gaps closures must be validated by ASP.

-The ASP also creates a recommendation on “good practices” that the COS Member may consider sharing with the COS.

06/15/12

20



Step 4 – Issuing Certificates

-Upon closeout of audit gaps, the ASP issues the standard COS report to the COS, and

-The ASP issues a dated COS Certificate.

Step 5 – COS Member Company Follow-Up

-The COS Member Company, at their own discretion, shares “better practices” with the COS (or allows the ASP to do so in their behalf).

-The COS Member Company, consistent with COS Membership Agreement, maintains their SEMS program, and seeks out recertification within 3yr period.

06/15/12

21

Assuring Team Competency

Do individual team members meet requirements established in Section x.x (see slide # 22 for summary)

Does Team Lead meet requirements established in Section x.x (see slide # 24 for summary)

Does whole audit team meet requirements established in Section x.x (see slide #26 for summary)

Audit may proceed

Select different individuals and revalidate competency against Section x.x

Select different Team Lead and revalidate competency against Section x.x

Add additional and/or select different team members and revalidate competency against Section x.x

Yes

Yes

Yes

No

No

No

Start


06/15/12

22

Audit Team Member Competency COS-1-03

Audit Team members shall meet the following minimum qualification requirements:

-Two (2) yrs. offshore oil and gas (or related industry) experience,

-Evaluated by either the Audit Service Provider (ASP) through the ASPs documented process or by a recognized auditor Certification Body (i.e., BEAC)

-Completed a 24 hour training program that meets the applicable requirements outlined in COS-1-04, and includes three (3) hours of examination and/or skills evaluation.

Technical competency of the audit team may be supplemented by use of Technical Experts with the following qualifications:

-Bachelor’s degree or equivalent work experience,

-Five (5) years experience in oil and gas (or related industry), and

-Five (5) years experience specifically in the area of their expertise.

If a Technical Expert is designated as an audit team member, then that Technical Expert must meet the expected requirements for audit team members.


06/15/12

23

Auditor(s)



Checks certification, training, and qualification

as SEMS auditor

Quality Assurance for Auditor Designation


Provides COS endorsed SEMS auditor training and evaluation

Note: An Audit Service Provider may also be a certified training provider.

06/15/12

24

Audit Team Lead Competency

- Been certified by an auditor Certification Body (i.e., BEAC, RAB-QSA, IRCA, etc.) as a management system auditor,

- Participated in at least three (3) audits in the past three years,

- Participated full time in at least one (1) audit as either a lead auditor or a lead-auditor-in-training,

- A minimum five (5) yrs. offshore oil and gas (or related) experience within the last 8 years,

- Completed an additional eight (8) hrs. lead auditor training class that includes one (1) hour on professional ethics, and one (1) hour of examination and/or skills evaluation.

In addition to meeting the qualifications outlined for an audit team member, lead auditors will have:


06/15/12

25

Lead Auditor


Audit Service Provider Checks

certification, training, and qualification

as managementsystem lead

auditor

Quality Assurance for Lead Auditor Designation


*BEAC, RAB-QSA, IRCA, etc.

AuditorCertification

Bodies*

Issues certification

as managementsystem auditor

Provides COS endorsed SEMS

lead auditor training and evaluation

Note: An Audit Service Provider may also be a certified training provider.

06/15/12

26

Audit Team Collective Competency

Audit teams must have a joint competency that reflects:

-Five (5) yrs. experience in development and implementation of HSE management systems,

-Five (5) yrs. experience with MOC, HRAs, offshore procedures, process safety, and mechanical integrity,

-Two (2) yrs. experience with interpretation and application of 30 CFR Part 250/RP 75,

-Specific knowledge and understanding of COS RP75 SEMS audit protocols, and

-Specific knowledge and experience related to operation of the facility.

Collective competency may be achieved by either a single individual or the combined competency of multiple individuals.

For full scale SEMS program certification, audit teams must have as a minimum of one (1) Audit Team Leader that meets the audit team lead qualifications plus two (2) additional auditors that meet the audit team member qualifications.

Validation of individual facility compliance with a company’s SEMS program will be performed as agreed to between the ASP and the company.


06/15/12

27

Additional Key Points

1. The ASP is responsible for selecting, qualifying, and appointing audit team members and, if necessary, technical experts to assure audit team competence leads to a high quality audit.

2. The audit team, as a whole, must either have the required collective competency to assess the technical challenges of the facility being audited, or must supplement the audit team with qualified technical experts.

3. Specific roles and responsibilities of the audit team members must be documented and cross checked.

4. ASPs must have a documented process in place for periodically evaluating the performance of both audit team leaders and audit team members.

5. ASP’s are responsible for assuring audit team leaders are maintaining competency.

6. In addition to the training outlined in COS-1-01, each member of the audit team must have safety related training (i.e., HUET, TWIC, etc.) required by the offshore facilities being visited.

7. The COS reserves the right to periodically, at COS’s discretion, audit ASP processes and auditor(s) competency.


06/15/12

28

Lead Auditor*


Auditor(s)


Periodicallyevaluates

ASPCompetency

Evaluator

Assigns

Evaluatesreal time

Provides oversight and leadership

Periodicallyevaluates

ASPs Link to Competency Assurance

* Lead Auditors must also have a certification as a management system auditor issued by an internationally recognized auditor certification body (ACB) such as BEAC, RAB-QSA, IRCA, etc.

06/15/12

29

Lead Auditor*

Training Providers Link to Competency Assurance



ASPCompetency

Evaluator

Trains, evaluates, and issues certification

as COS SEMS lead auditor

* Lead Auditors must also have a certification as a management system auditor issued by an internationally recognized auditor certification body (ACB) such as BEAC, RAB-QSA, IRCA, etc.

Trains, evaluates, and issues

certification as COS SEMS lead

auditorAuditor(s)

Trains, evaluates, and issues

certification as COS SEMS auditor

06/15/12

30

SEMS Audit Reporting Timeline


SEMS audit Initiated by

COS Member

COS Member contracts

with ASP to perform

SEMS audit

COS provided a courtesy

notification

Audit Starts

Auditing Complete – Formal audit

close-out meeting

between ASP and COS Member

Draft Audit report provided

to COS member by

ASP

ASP Audit

Plan to COS

Member

As Agreed to by member and

ASP

6 Months Maximum

3 years

30 Days 30 Days

Minimum 30 Days

COS Member decides that

audit will meet BSEE

requirements

COS Member provides

audit plan to BSEE

ASP issues COS Standard Audit Report to COS

Member

Report identifies NCs (does not

include corrective action plans)

BSEE Audit Complete

COS Member completes report with corrective action plans

to address NC’s identified in the COS

Standard Audit Report issued by ASP

Corrective action plans include timing

and responsible parties

If audit to fulfill BSEE requirement – ASP to

submit the COS Standard Audit report

to BSEE, and COS member to provide

COS Standard Audit Report to BSEE with

corrective action plans included

ASP accepts and verifies corrective actions; all NCs must be closed out for ASP to

certify

ASP provides completed COS Standard Audit

Report with corrective action

plans to COS

Good practices shared with COS,

if approved by COS member

ASP issues a dated COS SEMS

Certificate

Audit Closed

COS Member Company maintains

their SEMS program

COS Member Company starts next

COS certification

audit within 3 year period

COS Member implements

corrective action plan

As Agreed to by member and ASP

COS member consults with ASP on a verification process.

06/15/12

3106/15/12

COS Standard SEMS Report


32

COS Standard SEMS Audit ReportStakeholders - Needs

To ensure the needs of all stakeholders are met, we need to identify the stakeholders and understand their needs.

A single report that meets all common stakeholder needs will benefit everyone.

06/15/12 - DRAFT - Work in Progress

33

COS Standard SEMS Audit ReportStakeholders

1. Operator / Auditee

2. BSEE

3. COS

4. Industry (General Sense)

5. Industry (Senior Executives)

6. Public & NGO06/15/12 - DRAFT -

Work in Progress

34

COS Standard SEMS Audit ReportStakeholders – Needs - Operator/Auditee

1. Provide a standard report format with enough detail to identify appropriate corrective actiona. Adequacy of system vs failure to execute

2. Meet reporting needs to satisfy BSEE compliance requirements (directly transferable)a. Timely b. Minimize delays

3. Meet reporting needs to COS (directly transferable)a. Must add value

4. Avoid Failurea. Objectivity rather than Subjectivity b. Unacceptable delays in meeting regulatory timing

requirementsc. Provide enough detail to take action, without

getting into excessive non-value added information


35

COS Standard SEMS Audit ReportStakeholders – Needs - Industry (General Sense)

Indirectly from COS1. Timely access to data

2. General understanding a. What’s working (complying)

b. What’s not working (noncomplying)

c. Potential effective practices


36

COS Standard SEMS Audit ReportStakeholders – Needs - Industry (Senior Executives)

Indirectly from COS1. Level of confidence on actual progress

2. Understanding of industry exposure

3. Limit individual company liability

4. Potential effective practices


37

Standard COS SEMS Audit Report Includes: - all consistent needs

Excludes: - non-consistent needs


38

COS Audit Report

Utilization of report findings


39

Audit Report• Cover Pages

– Who, What, When, Where, and How

• Results– Section for each of the 13 SEMS Elements

– Nonconformances

SEMSElement

SEMSAudit

Question

RegulatoryRequirement

Nonconformance

Objective Statement of

NonconformanceCorrective Action Plan

Responsible Person and

TitleDue Date

Date Closed

1 1 Text from Protocol Objective statement





40

SEMS Elements Analysis – Raw Data - % Conformance by Element

% Compliance

Ele

men

t


41

SEMS Elements Analysis – Raw Data - % Conformance by Question in Element

Element 7

% Compliance

Que

stio

n


42

SEMS ElementsAnalysis – Ranked Data

Element Rank by # of NC # of NC

# of Identified Good Practices

3 Highest 2

12 0

8 3

… …

4 Lowest 6


43

SEMS ESEMS Evaluation & actionlements - Results Analysis

– Ranked by Company Compliance (blind)

% C

ompl

ianc

e

Company


44

SEMS Evaluation & action

• Develop and implement blind voluntary system for COS Members to share effective practices, by SEMS Element, with other COS Members

– Members with an effective SEMS element can provide effective practices• Members can view effective practices provided by other members• May have a COS review panel to evaluate provided effective practices

– COS review panel could include ASP– COS review panel may include BSEE?

• COS develops list of Subject Matter Experts (SME) by SEMS Element– Members contact COS SME for assistance


45

SEMS Elements - Results Analysis – Ranked by Question Compliance within Element

% C

ompl

ianc

e

Question


46

SEMS Elements - Results Analysis – Ranked by questions with lowest Compliance

% C

ompl

ianc

e

Question


47

SEMS Evaluation & action

• Critical review of findings and corrective actions for questions with greatest incidence of noncompliance.– Risk rank questions

• Focus on higher risk issues first– Identify commonalities and trends

» Perform broad root cause analyses as appropriate» Identify and seek good practices » Identify potential corrective actions » Share learnings


48

Questions?

06/15/12

Measuring Success


49

Questions?

06/15/12

Documents

3 rd Party Certification Process Overview