Safety First Auditing HSE (including Process and Personal ...
Transcript of Safety First Auditing HSE (including Process and Personal ...
Safety First – Auditing HSE (including Process and Personal Health Safety and Environment)
Presented by:
David Aurelius
Head of Audit & Risk
Boral
11C
HSE Internal Audit• “Process safety is about protecting our people, the environment and our assets from
major accident hazards”
• At Origin, our HSE internal audit program constituted 35-40% of our total annual internal audit plan.
• The risks below are those that guide us in forming our audit objectives and scope:
Risk Title
Loss of containment of hazardous energy/ substances from a failure of production related civil structure
Loss of containment of hydrocarbons from an asset
Staff or contractors may be harmed due to exposure to work-related hazards
Loss of containment of hazardous chemicals/ substances (e.g. CCP and hydrochloric acids) from an asset
Loss of containment of mechanical energy from an asset
Loss of containment of pressurised systems from an asset
Loss of containment of electricity from an a asset
HSE Internal Audit• Three phased approach to HSE internal audit:
• Site-based risks / controls – specifically site based activity
• Business Unit risks / controls – BU specific processes and / or frameworks
• Organisational-wide risks / controls – broader theme-based activity or management system audits
• Audit resourcing consists of:
• In-house engineering capability
• Guest Auditors
• Co-source engineering subject matter experts (SME)
• Based on the audit scope, we then base our testing around the three types of critical controls categories (see following slide):
• Hardware controls
• Human controls
• Management System controls
• The framework below outlines the distinct approach we have to HSE internal audits.
• Our testing is based on the safety critical controls, as determined “in scope”.
Approach to HSE Internal Audit
Approach to HSE Internal Audit (cont.)
• A key focus of FY18 was to identify and test critical controls. With tailored assurance and risk management
programs in place across business units we’re now looking to adopt a common control framework.
• Given that many material risks are Health & Safety (both personal and process safety) risks (e.g., loss of
containment, land transport, asset security), a common control framework for critical controls that manage
HSE risks or “Safety Critical Controls” is being adopted:
• A suite of Safety Critical Controls (SCC) are being implemented to:
• Align framework and terminology with international standards (e.g., IOGP)
• Have a common language to build awareness and understanding across all lines of defence
• Integrate and connect data to controls to allow us to better understand the health of our controls
• Share knowledge and resources across business units to strengthen assurance and increase
collaboration
Loss of Containment (LOC) - Bow-tie
• As an example, this is how the boarder SCC Categories are represented on an LOC Bow Tie:
• *It’s worth noting that the new SCCs also cover personal safety, other risk bow ties (e.g. Land Transport) could be developed using the SCC categories also
Typical HSE audit “Objectives and Scope”
The objective is to assess the design and operating effectiveness of business unit and site based controls that manage:
Key HSE (focus on environmental compliance) and process safety / asset integrity (including asset, civil and structural integrity) risks in accordance with OE Directives, HSEMS Standards, external regulations and BU-specific policies and procedures.
Asset management strategies, plans and activities.
Operational processes (including, supply chain/procurement, inventory/materials management, and Information (IT) and Operational Technology (OT)).
In addition, this internal audit assessed the:
Appropriateness of risk management activities, including first and second line assurance activity.
Tracking, progress and closure of actions resulting from third party/regulator reviews.
Sufficiency of closure of prior year internal audit actions (where actions have been completed).
Scope
Site, business-unit, divisional and corporate controls related to the following (processes) were examined as part of the scope:
1. Process Safety / asset integrity management 5. Environmental Compliance
2. Asset Management 6. Supply Chain, Procurement, and Inventory and Materials Management
3. HSEMS Compliance (including personal safety) 7. Information and operational technology / data management
4. Business Resilience 8. Risk Management activity
Summary of HSE internal audit findings and themesCommon areas of control weakness and organisational learnings
Risk management behaviours (including processes, capability and culture)
Across all audited BUs, the recognition and management of risk could be strengthened by improving:
a. Hazard identification processes
b. Processes to identify, monitor and maintain Safety Critical Equipment
c. Embedding Operational Risk Assessments
d. The effectiveness of the first (operators) and second (functional groups) lines of defence can be strengthened.
Leveraging cross-functional capabilities, techniques and tools, and promoting shared learnings through formal
governance forums.
Management of change / Incident management
The effectiveness of Management of Change controls were inconsistent.
Improvements can be made to oversight and reporting of incidents associated with principal contractor operations.
Contractor management oversight and accountability
High reliance is placed on third party contractors to perform operational risk management activities.
Use of Data Analytics in HSE internal audits
The use of maintenance, incident, production and availability data to test the following internal audit hypotheses:
1. High compliance with preventative maintenance leads to fewer incidents
2. High compliance with preventative maintenance leads to increased availability/production
3. Unplanned outages are a result of high levels of corrective maintenance, or absence of maintenance
4. Non compliance with preventative maintenance leads to unplanned outages
5. Safety critical assets are maintained
6. Safety critical assets are subject to preventative maintenance with minimal corrective maintenance
7. Incidents are a result of high levels of corrective maintenance, or absence of maintenance
8. Sites with high numbers of observations have fewer incidents
9. Sites with high numbers of observations undertake more preventative maintenance
Data Analytics dashboards (1)
Data Analytics dashboards (2)
Other HSE Considerations
Part of the extended HSE strategy encompassed the following areas of focus
Process Safety
Contractor Management
Land Transport
Environment
Health and Wellbeing
In particular, assurance of Health & Wellbeing programs / services will be considered as part of the broader FY20 HSE Internal Audit Plan.
Key areas of focus / risks will be:
Successful implementation of the new Employee Assistance Program
Effectiveness of the “TouchBase” program around access to support employees in building personal resilience
Transition of support services from HSE to HR (including Change Management)
Medical services rationalisation
Front-line Leader Mental Health program assurance