Manual For SIEP-led HSE Auditing

Shell International Exploration and Production B.V.
Manual for SIEP-

led HSE Auditing
EP 95-0130
HSE
MANUAL
Revision 0: 1 August 1996

EP HSE Manual Amendment Record Sheet
Section Number: EP 95-0130

Section Title: Manual for SIEP-led HSE Auditing
Rev. Chapter Description of amendment Date Amended

Nos. by
No.
0 All First Issue 1/8/1996 EPS-HE

Contents
CONTENTS 12.1 Staffing 33

12.2 Administration 33
Foreword 1
1 Rationale for Independent HSE-MS Appendices

Auditing 3 I Guidelines for the Application of Health,
Safety and Environmental (HSE) Auditing 35
1.1 Introduction 3
II HSE-MS Audit Report - Model Contents
1.2 Purpose of HSE Audits 3
Listing 41
1.3 Objective of SIEP-Led Audits 3
III HSE-MS Assessment Elements 55
1.4 Business controls and HSE-MS Auditing 4
2 The Internal Audit Process 5 Glossary of Terms and Abbreviations

used 57
3 Direct the Audit Process 7
References 59
4 Plan Audits 9
4.1 HSE Audit philosophy and programme 9
4.2 Frequency of HSE Audits 9
4.3 Standard HSE Audit packages 9
4.4 Formulation of HSE Audit plans 11
4.5 Duration of HSE Audits 12
5 Schedule SIEP-led Audits 13

5.1 Terms of reference 13
5.2 Audit team composition 15
5.3 Audit timing and duration 16
6 Perform Audits 17
6.1 Auditkit 17
6.2 Opening presentations and team briefing 17
6.3 Organisation 17
6.4 Finalisation of the Audit 19
7 Apply Results 23
8 Monitor Follow-Up 25
9 Analyse and Improve Process 27
10 Assess Overall Control Framework 29
11 Initiate Improvements to
Framework 31
12 Manage Staffing and
Administration 33
EP 95-0130 Revision 0 1 August 1996 i

HSE Manual EP 95-0130 Manual for SIEP-led HSE Auditing
This page intentionally left blank.
ii EP 95-0130 Revision 0 1 August 1996

Foreword
Foreword
Group-wide requirements covering all types of audits are defined in the Internal Audit Guidelines
(IAG) (Ref 1) issued by the Corporate Centre Internal Audit Department, and amplified in the
'Guidelines for the Application of Health, Safety and Environmental (HSE) Auditing' issued by the
Group HSE Adviser. These guidelines are included in this manual as Appendix 1.
This manual represents the application of these Group guidelines in the context of independent SIEP-
led HSE auditing with supplementary requirements being defined by the EPS-HE function in the SIEP
Strategy and Business Services Directorate (SBS). The objective of this document is to convey the
principles and practice of independent SIEP-led HSE auditing in an HSE Management System (HSE-
MS) context as practised in the EP Operating Units (OUs). As such it constitutes the Sector guidance
required by Appendix 1.
This manual provides guidance to lead auditors, audit team members, auditees and line managers. It
provides a methodology for balanced judgement of OU performance along HSE-MS principles
following a structured auditing technique. It is HSE specific and is consistent with the higher level
documents in SIEP and the Group. Generic principles, also applicable to non-HSE audits, as provided
in the higher level documents are repeated in this document where they are considered to underpin the
principles.
The structure of this manual will be updated at regular intervals to reflect changes in the SIEP role in
HSE auditing or practical experience of SIEP lead auditors gained whilst conducting audits.
The contents of this manual may assist OUs with an internal HSE auditing process along principles
similar to SIEP-led audits.
EP 95-0130 Revision 0 1 August 1996 3

4 EP 95-0130 Revision 0 1 August 1996

1 Rationale for independent HSE-MS auditing
1 Rationale for Independent HSE-MS Auditing
1.1 Introduction
The Statement of General Business Principles (Ref. 2) provides policy guidance covering all Group
activity. The Shell Group HSE policy is outlined as follows:
'It is the policy of Shell companies to conduct their activities in such a way as to take foremost
account of the health and safety of their employees and of other persons, and to give proper regard to
the conservation of the environment. Shell companies pursue a policy of continuous improvement in
the measures taken to protect the health, safety and environment of those who may be affected by
their activities.
Shell companies establish health, safety and environmental practices and integrate them in a
commercially sound manner into each business as an essential element of management'.
In order to comply with the above and other policy elements, specific responsibilities have been
delegated to the managers of the individual OUs. The introduction to Business Control Guidelines
(Ref. 3) states:
' It is the responsibility of chief executives and managers in Group companies to establish, maintain,
operate and demonstrate an appropriate framework of business controls. The framework should cover
all activities of a company, whether operational, technical, commercial, financial or administrative'.
1.2 Purpose of HSE Audits

With reference to the above, audit is a structured and independent means to demonstrate that the
required business controls framework is appropriate and effective. The Guidelines for the Application
of Health, Safety and Environmental (HSE) Auditing (Appendix 1) outline the purpose of HSE audits
as follows:
' The overriding purpose of HSE auditing should be to provide OpCo management a systematic and
independent assessment of the consistent and effective implementation of the HSE-MS. The HSE
audit process should enable OpCo management to ensure that potential or actual flaws are remedied
through effective follow-up action. BusComs will monitor this (in their shareholder role) and may
insist that follow-up action is completed or improved where necessary.'
Reference is made to Appendix 4 for audit definition.
1.3 Objective of SIEP-Led Audits

Appendix 1 further outlines the role of the Services Companies (ServCos) in independent HSE audits
as follows:
' Shareholders will expect OpCos' audit programmes to include independent HSE audits.'
' OpCos will usually engage HSE advisers in the Service Companies to conduct independent HSE-MS
audits.'
' OpCos too small for effective internal audit shall make use of independent auditors.'
Independent has been used here to mean an HSE audit of an OpCo carried out by a body external to
the OpCo. In the EP environment it covers OU audits led by either SIEP (functional internal audit) or
by a non-Group organisation (external audit). Conducting has been used here to mean leading the
audits.
Thus it follows that the objective of SIEP-led HSE auditing is to provide independent assurance to
OU management to enable them to demonstrate to shareholders that the HSE aspects of a company's

activity (or a defined part of that activity) are adequately managed. Appendix 1 states:
' These audits provide independent verification of the effectiveness of the OpCo HSE-MS, including
internal HSE audit, and the strength of the framework of control.'
' The report shall provide an overall rating of HSE controls against specific standards using a defined
technique'.'
' The report shall identify significant deficiencies against standards, and recommendations shall be as
specific as the team allows.'
' Specificity and transparency of the audit will be the key.'
1.4 Business controls and HSE-MS Auditing

Quality management principles demand that business controls are integrated within a management
system, and that correct operation of the system is verified by audit.
The required HSE Management System (HSE-MS) is defined in the document of that name (Ref. 4)
by the Group HSE Committee in 1994. The HSE-MS incorporates the generic controls as defined in
Business Controls Guidelines (Ref. 3) and provides specific detail and focus on HSE aspects,
including the Hazard and Effects Management Process (HEMP). An HSE-MS in its highest level
overview can be illustrated as follows:
The HSE Management System

Leadership and Commitment
Policy and Strategic Objectives
Organisation, Responsibilities
Resources, Standards & Doc.
Hazard and Effects Management

Corrective
Planning & Procedures Action
Implementation Monitoring
Audit Corrective Action &

Improvement
Corrective Action &

Management Review
Improvement
HSE-MS audits are an integral part of this system and assess the effectiveness of the application of
this system.
The following chapters will define the methodology and procedures for SIEP-led HSE auditing in
HSE-MS context.

2 The internal audit process
2 The Internal Audit Process

SIEP-led audits are part of the OU Internal Audit (IA) process.
The IA process as defined in the Internal Audit Process Model (IAPM) of the IAG (Ref. 1) is
applicable to all types of audits, including HSE Audits, irrespective of whether these are OU-
led audits or independent audits led by SIEP staff. The IAPM is represented as follows:
Internal Audit Process Model
AUD-05 AUD-35
Initiate Improvements Assess Overall Control

Direct the Audit Process
to Framework Framework
Analyse/
Plan Schedule Perform Apply Monitor
Improve
Audits Audits Audits Results Follow-up
Process
AUD-10 AUD-15 AUD-20 AUD-25 AUD-30
Manage Staffing/Administration
AUD-05
In this diagram, activities in boxes with dashed borders are not strictly part of the IA process.
However, as these activities are routinely reviewed as part of HSE audit scopes they are included to
provide overview and to illustrate interfaces with other processes. Similarly, the 10 IAPM elements,
as applied to SIEP-led HSE audits, are used to structure the core chapters 3-12 of this guideline.
The integration of IA in the business is illustrated in module A-02 of the EP Business Model (EPBM)
(Ref. 5).


3 Direct the audit process
3 Direct the Audit Process

Direction of the OU audit process is the responsibility of the Internal Audit Committee (IAC), the
composition of which is determined by the OU. The role of the IAC, defined in the IAG (Ref. 1),
relates to all types of audit including financial, commercial and technical. The Internal Audit and HSE
Managers normally attend the IAC.
Fundamental to directing the audit process is the production and maintenance of adequate
audit guidelines - which include standards and procedures - and ensuring their effective
application. Each OU determines its own internal HSE audit guidelines which, consistent
with Group guidelines, should include the following as a minimum:
 mission and vision statements for HSE, including auditing,
 required strategic development direction of HSE auditing,
 types of audit to be conducted,
 minimum frequency for each type of audit,
 duration range for each type of audit,
 requirements for evaluation and assessment, and
 requirements for follow-up of audit recommendations.
As a further element of the audit direction process, shareholders will expect OU audit programmes to
include independent HSE audits. Appendix 1 states:
' Independent audits shall verify the internal HSE audit process, testing reports, working files and
implementation control, with sufficient sampling of operations to test effectiveness.'
As such:
' OpCo audit guidelines will identify the proportion of the total HSE audits to be independent audits,
within BusCom guidelines.'
' The BusComs will monitor that OpCos have a structured programme for HSE audits in place.'
The OU internal HSE audit guidelines need to be updated from time to time in light of changes in
risks or risk acceptance criteria resulting from changing internal and external forces which include
legislation and technological development.
Also included within the audit directing process is final approval of the annual OU audit plan, the
formulation of which is covered in the Chapter 4.


4 Plan audits
4 Plan Audits
4.1 HSE Audit philosophy and programme

The IAG (Ref. 1) requires that each OU develop an audit programme to cover all processes within a
five-year cycle. For EP OUs, the processes are defined in the EPBM (Ref. 5) which illustrates that
about half of the total process elements are considered to be HSE-critical and should be subject to
HSE audit. The portion of HSE-critical process elements varies from around 70% for key asset
management and related execution processes to less than 10% for support processes. OUs should
structure their HSE audit programme in a manner which demonstrably covers all HSE-critical
processes. Appendix 1 states:
' In many OpCos a formal HSE-MS, with HSE Cases for critical activities, is the mechanism for such
identification and control of risk and HSE audit is an important part of any HSE-MS.'
An audit philosophy along HSE risk-based criteria will provide the basis for an effective and efficient
audit programme. In developing a risk-based audit programme - what audits should be performed,
why and when - HSE-MS and HSE Case documentation should serve as a key reference. These
should provide a comprehensive listing of processes, events and activities which are considered
critical to the OU in terms of health, safety and environmental risk.
It is recognised that many OUs are yet to develop their audit philosophy in full along HSE risk-based
criteria.
4.2 Frequency of HSE Audits

Frequency definition for of each type of HSE audit is an OU responsibility and the frequencies should
be specified in the OU HSE Audit Guidelines. As a guideline, Appendix 1 states:
' All business processes should be periodically audited, and the frequency and depth of HSE auditing
of a particular activity should be appropriate for the degree of potential risk.
Only OpCo management can fully assess their local circumstances and select the appropriate
frequency and depth of auditing appropriate for each activity. This selection shall be formal and
transparent, and shall be regularly reviewed to take account of experience of incidents and changes in
the OpCo's environment. An audit cycle should not be longer than five years as in that time major
changes may have taken place and the consequences for the integrity of the control framework need to
be verified.'
In following the above, the frequency at which individual processes or assets are audited should be
subject to the degree of HSE risk, the criticality of the process in relation to the business objectives
and the perceived degree of control of that process. As such even well controlled processes or well
managed assets may need to be audited more frequently than once every five years.
4.3 Standard HSE Audit packages

With reference to the EPBM (Ref. 5) EPS-HE have developed the following standard HSE
audit packages:
 Facility Operations HSE audits,
 Facility Start-up HSE audits,
 Seismic HSE audits,
 Drilling HSE audits,
 Environmental audits, and

 Occupational Health audits
These standard types of audit focus on the HSE-critical activities as indicated below:
Types of HSE Audit in the EPBM
Opco Management - Health Occupational

Health
Opco Management - Environment Environment
Materials & Transport Activity

(Transport)
Facility
Explore Appraise Develop Produce Abandon Operations
Drilling & Well Operations Drilling

Survey Operations Seismic
Facilities Design & Construction Facility
Start-up
The sequential driver activity Produce is individually assessed by facilities audits. Other
sequential driver activities i.e. Explore, Appraise, Develop and Abandon, are assessed by
audits of the recurrent execution activities as follows:
 Drilling and Well Operations as Drilling Audits.
 Survey Operations as Seismic Audits.
 Facility Design and Construction as Start Up Audits
Abandonment should be subject to an environmental audit. Air operations are subject to audit by Shell
Aircraft.
The standard packages provide for common audit methodology and scope along approved Group and
SIEP guidelines. These comprise BusCom standards which are compatible with IAG and corporate
HSE guidelines. Reference is made to Appendix 2 for a scope description of these audit types.
The first four of the above audits types are structured to provide comprehensive coverage of all
elements of the HSE-MS; their scope includes detailed reference to HSE Case documentation or risk
analysis material already available within the OU. The separate Occupational Health and
Environmental audits are aimed at OU-wide management. These require SIEP specialist skills
additional to the level normally provided in conducting the first four audit types.
All audits, regardless of being OU or SIEP-led, are essentially review processes of the OU
business controls to establish that they are applied, effectively and efficiently, and comply
with OU requirements. For HSE audits it is essential to verify that all risks have been
identified, adequate controls have been identified and that controls are complied with. Given
the inevitably wide scope and limited duration of SIEP-led HSE audits, this verification will
be done via sampling as detailed verification of all the risk elements of the audited facility or
activity cannot be achieved. As such the SIEP-led audits focus on:
 verification that structured risk assessment has been applied to the key HSE risk elements
of the facility or activity,
 sample whether these risks have been appropriately assessed and the correct controls have
been identified, and
 sample whether these controls are adequately implemented and complied with.
By limiting the audit scope the sampling can be improved thus the verification can be done more

4 Plan audits
thoroughly.
The standard audit packages provide guidelines to meet these principle objectives in which
compliance observations are the key towards conclusions on adequacy of controls. Where possible
SIEP-led audits will attempt to identify root causes for the observed deficiencies.
The packages are OU independent and, with reference to Chapter 6, the contents will require some
tailoring to fit the defined scope for individual OU audits.
In addition to the above, on OU request, SIEP will provide HSE auditing services as related
to miscellaneous OU specific activity or theme audits, such as:
 Transport audits,
 Emergency Response audits,
 HSE management of contractors audits,
 Permit To Work audits, and
 HSE training audits
Whereas these are covered in considerable depth in the first four of the above standard packages, OU
specific circumstances may occasionally justify a more concentrated assessment in dedicated audits.
The scope definition for these audits will invariably require more dialogue between the OU and
assigned SIEP lead auditors when compared to the standard packages.
4.4 Formulation of HSE Audit plans

HSE audit plans should be prepared as integral elements of the OU annual business planning
cycle. The timing of individual HSE audits should be determined and prioritised by the OUs
IA Department in consultation with HSE and line managers and potential auditees, taking
account of risk criteria and any new or revised business objectives. The typical five-year
cycle audit plans should identify:
 Year 1: precise audit scope, outline terms of reference and timing of audits
 Year 2: outline scope and quarterly phasing for Year 2
 Year 3-5: categories/titles per year.
There should be demonstrable continuity in each annual update of the five-year plan. It is at this stage
that OUs, within New and Regional Business Directorates (N/RBD) guidelines, will determine which
of the planned HSE audits will be SIEP-led. Appendix 1 states:
'Having established the total long term audit plan, the OpCo should identify the proportion to be
independent audits as opposed to internal audits, within such guidelines as may be issued by the
BusCom.'
Following agreement of the plans with the N/RBDs, the plans for SIEP-led HSE audits should be
submitted to EPS-HE for resource planning and execution scheduling within the overall EP
independent HSE audit programme. Timing of plan submissions should be in accordance with the
SIEP planning cycle, the details of which are communicated to each OU at the appropriate juncture in
the cycle. Plans for SIEP-led HSE audits must be firmed-up in advance of the commencement of Year
1.
EPS-HE should then nominate a leader for each audit identified as SIEP-led HSE audit (refer to
Chapter 12).
4.5 Duration of HSE Audits

Audit duration is determined by the audit scope, the principles of team building, OU
participation for ownership and the need to present a report on site. With reference to the
scope typically covered in the standard audit packages as per Chapter 4.3 above, experience
has led to the following recommended BusCom standards for SIEP-led audits:
 Facilities audits - 16-18 days
 Start-up audits - 14-16 days
 Activity audits - 12-18 days
 Environmental audits - 12-14 days
 Drilling audits - 10-14 days
 Seismic audits - 8-10 days
 Occupational Health audits - 7-12 days
OU plans for SIEP-led audits should be based on these durations whereas the precise duration of each
audit is determined as part of the detailed scheduling process of the individual audits. Deviations from
these guidelines may be justified following detailed consideration of the Terms of Reference (see
Chapter 5) and scope, and require approval by the nominated SIEP audit leader.

5 Schedule SIEP-led audits
5 Schedule SIEP-led Audits
5.1 Terms of reference

The first step in scheduling any audit is to define the detailed Terms of Reference (TOR) as these may
affect resource requirements and dictate the mix of skills required within the audit team. For SIEP-led
audits, either the auditee or the SIEP audit leader may initiate the TOR definition process, but it is the
audit leader's responsibility to ensure that this process commences at least three months in advance of
the planned start date.
The TOR must have been agreed between auditee and audit leader prior to the start of the audit. If this
can not be achieved, the audit must be deferred until such time that agreement is reached. Specifically
for SIEP-led audits the TOR must be agreed at least one month in advance to secure a confirmed start
date with a view to travel arrangements.
The TOR must confirm objective, scope, standards, auditee, team members (see Chapter 5.2), audit
methodology, and reporting requirements
Objective
With reference to Sections 1.2 and 1.3 above, the principal objective of all HSE audits (except facility
start-up audits - see below), whether OU- or SIEP-led, is to assess the effectiveness of the corporate
HSE management system as applied to the specific facility, operation or activity. In this context the
HSE management system is either the formally defined HSE-MS or, where this does not exist, the
totality of those systems, procedures and practices used by the OU to manage HSE.
The principal objectives of a facility pre start-up audit differ slightly from the above but are
essentially to verify that:
 the facility itself is in a fit state for start-up from an HSE perspective,
 all associated resources, controls, procedures and services are available to support the new
activity, and
 HSE management was effective through development, construction and commissioning of
the facility. The audit observations and recommendations in this context will be of
marginal benefit to the audited project, however learning points may be identified for
future OU projects of a similar nature.
Supplementary audit objectives may be defined as appropriate to the specific needs of the individual
OU or as dovetailing with the specialist expertise of the individual audit team members. This is an OU
responsibility.
As a standard all SIEP-led audits will deliver an opinion on the overall level of control in relation to
the individual elements of the HSE-MS. Depending on the results of this detailed assessment the audit
will be considered 'satisfactory' or 'unsatisfactory' (Chapter 6.4).
Scope
Definition of audit boundaries or scope for SIEP-led HSE audits is an OU responsibility and should
be in accordance with the outline agreed between OU and N/RBD in the Audit Plan.
The scope should include the entirety of the subject facility, operation or activity as appropriate,
including all relevant interfaces. The scope definition should be as specific as possible in relation to
the audit type. Where an EPS-HE standard package has been selected for conducting the audit, the
scope should be tailored to the standard audit methodology as detailed in this manual. For example,
the scope definition for a facility audit should define boundary limits, specifically including or

excluding named up- and down-stream pipelines and adjacent facilities.

If a SIEP-led audit has not been conducted in an OU for more than a year, it is recommended that the
audit scope includes assessment of the broader aspects of corporate HSE-MS, including for example
management commitment and leadership, HSE policy, audit, etc. (refer to Chapter 6.4). As the audit
results in this scope context will usually be beyond the control sphere of the auditee, observations and
recommendations should be aimed at senior management and IAC level.
Standards
The standards for assessment for all HSE audits should include, in priority order:
 laws and regulations of the country,
 OU current standards and procedures including HSE-MS and HSE Case(s), and
 standards specified in the Basis for Design (covering design, construction, commissioning
and operation).
SIEP-led audits will be expected to comment on any shortfall in the above in relation to Group
policies, guidelines and standards.
Auditee and Co-ordinator

Nominating the auditee is an OU responsibility. The auditee should be an individual, preferably the
asset holder or process owner, clearly identified by name and/or reference indicator. Multiple auditees
should be avoided by nominating an auditee at the higher level where overall accountability for the
audited operation or facility is accepted.
Early nomination of an audit co-ordinator has been proven instrumental in getting SIEP-led audits off
to an efficient start. The incumbent will be required to assist in liaison between auditee and SIEP and
arrange logistics, offices, documentation and accommodation for SIEP and third party audit team
members. Combining these activities with the auditee responsibilities is usually unsuccessful.
Methodology and structure

As a common approach to all audits, audit team members are required to gather information by
observation, through interviews and by checks of hardware and documentation. An essential element
in the audit process is the conscientious verification of facts and findings and the confirmation of the
validity of recommended actions. Where judgement is required, the result should be determined by
consensus within the audit team in which the audit leader has overall responsibility for reaching a
conclusion.
All SIEP-led HSE audits will, in principle, be conducted in accordance with BusCom standards,
which follow the principles as documented in HSE Manual (EP 95000). In the short term (until the
end of 1997), there may be circumstances in which OUs may request audits to be based on the
Enhanced Safety Management (ESM) principles as outlined in EP 55000-14.
Reporting
Reporting requirements in the TOR should provide for the audit results to be presented to the auditee
and relevant members of OU management, and for delivery of a draft report at the end of the audit.
Reports of SIEP-led HSE audits will be stand-alone. Appendix 1 states that:
'Findings shall be detailed and effective. Follow-up actions shall be defined and secured.'
The report will contain recommended actions which are classified in accordance with the seriousness

5 Schedule SIEP-led audits
of the observed and documented weaknesses or deficiencies. All SIEP-led audits will use the
classification methodology as outlined in the IAG (Ref. 1). Further details are provided in Chapter
6.3. The classification of individual recommendations may form the basis for OU-specific ranking
methodology.
Where practical, weaknesses and recommendations will be grouped together to facilitate further
analysis of root causes and formulation of generic recommendations. Where identified, structural
weaknesses, deficiencies and recommendations will be highlighted in the report Main Findings.
Notwithstanding this, translating audit observations and recommendations into agreed actions
assigned to action parties is essentially a post audit activity and is an OU responsibility.
The report will demonstrate how either the individual or the aggregate of the observed weaknesses
have been used to assess the individual HSE-MS elements of the subject facility, operation or activity.
Further details are provided in Chapter 6.4.
Following the completion of final report editing in Central Offices, the SIEP audit leader will, within
one month of the end of the audit, issue the formal report as per the agreed distribution list.
Distribution will be restricted to OU-approved addressees which should include EPS-HE and the
relevant N/RBD. Although the report will be registered with the SIEP EP library, the OU will remain
the owner of the report and as such will define access.
5.2 Audit team composition

The correct balance of skills, expertise and seniority in an audit team is a critical success factor in the
outcome of any audit. Full agreement is required between OU auditee and SIEP audit leader prior to
undertaking the audit in which either party has the authority to decline the audit when an appropriate
team cannot be made available.
Qualification criteria for SIEP audit leaders are detailed in Chapter 12. Audit team members should be
selected such that their skills are appropriate to the audit type and scope. If an OU lacks the
appropriate skills and expertise to provide a suitable audit team, the SIEP team leader will resource
additional team members from SIEP or other resource pools. This will be agreed with the auditee in
advance.
To ensure independence in assessing the individual and overall level of HSE control the SIEP-led
audit team should ideally be an equal mix of SIEP and OU personnel. As a minimum, two SIEP
members (including team leader) are recommended. Team members from third parties or other OUs
may be proposed by either OU or SIEP where this would add value to the audit.
Team members should normally be JG2/3, although a JG4 may be included where the incumbent has
specific expertise relevant to the audit scope. As a minimum, one of the OU team members should be
sufficiently senior to represent the management view to the remainder of the audit team. In the
interests of maintaining independence and objectivity, not more than one member of the audit team
should be directly involved in the audited operation. For similar reasons, SIEP auditors will not
normally participate in OU audits within two years following an assignment in that OU.
All team members should be notified of their inclusion within the audit team at least three
weeks prior to the start date. They should each be briefed on the TOR and, if it is their first
audit, the audit process. The responsibilities for these briefings are as follows:
 OU IA department representative for OU team members,
 SIEP audit leader for SIEP team members,
 IA department representative for those third-party team members nominated by the OU to
participate in the audit, and
 SIEP audit leader for those third-party team members nominated by SIEP to participate in
the audits.

As a minimum, prior to commencing the audit, all team members should be expected to have read the
guidelines as contained in this document.
All team members must commit to participate full-time in the audit unless agreed otherwise by the
audit leader in advance of confirmation of the team composition.
5.3 Audit timing and duration
The start date for an audit should be arranged by mutual agreement between the auditee and the audit
leader.
The precise timing of facility and activity HSE audits is normally not critical and these should be
closely aligned with the annual audit plans. The timing of pre start-up audits, being project-related,
requires a balance between project completion - i.e. preparedness for audit - and time required for
corrections as resulting from critical audit findings. Ultimately, the auditee should decide the start-
date which should be fixed at least one month in advance of commencement of the pre start-up audit.
Durations of SIEP-led audits should normally align with those given in Section 4.5. However, taking
into account the specific audit scope, the auditee, audit leader, IA Department representative or the
relevant line manager may propose a duration outside the recommended time frame. Such variations
must be agreed by the SIEP audit leader who carries ultimate responsibility for the successful
completion of the audit.
All SIEP-led HSE audits include an element of training for those team members which are lacking in
previous HSE audit experience. This will be provided by the audit leader at the commencement of the
audit. The time required for this is included in the guidelines provided in Section 4.5.

6 Perform audits
6 Perform Audits
6.1 Auditkit
'Auditkit' presents a task listing and set of tools to aid the SIEP audit leader in the conduct of an audit.
It includes sample slide presentations, questionnaires, templates and guidelines and can be customised
and supplemented by the leader to suit the individual audit requirements. Use of 'Auditkit' forms part
of the training of SIEP audit leaders.
'Auditkit' is available on the EP 95000 CD-ROM and on the Shell World Wide WEB. In using
'Auditkit' from CD-ROM it is advisable to verify the latest version with EPS-HE, as it is planned to
update 'Auditkit' on a regular basis.
The following is an explanation of the generic audit process, the detail of which will be defined by the
audit leader at commencement of each audit.
6.2 Opening presentations and team briefing

Each SIEP-led audit will commence with an opening presentation by the audit leader to the
auditee and relevant members of line management. This presentation should cover:
 introduction of team members,
 terms of reference,
 audit methodology,
 locations to be visited,
 interviewing methodology,
 planned timetable,
 report outline,
 classification and assessment criteria, and
 date and time of the final presentation of audit results
Ideally, the opening presentation should be followed by a presentation by the auditee to familiarise the
team with the audited operation, explain corporate and departmental objectives, summarise HSE
performance and to identify any areas requiring special attention or sensitivity.
These initial presentations should be followed by a team meeting in which the audit leader briefs the
team members on the conduct of the audit, allocates areas of investigation to team members and
makes plans for team visits. This meeting will also identify the report structure and outline the report
contents listing. Depending on the composition of the team and their previous audit experience, the
initial part of the briefing may include an element of training in audit techniques.
6.3 Organisation
The team briefing slides in 'Auditkit' may be used by the leader at key milestones throughout the
audit. They remind team members of key aspects to facilitate the smooth running of the audit and
production of a quality report. Aspects included are interview strategy and guidelines on conduct,
verification of findings, identification of root causes of deficiencies, formulating audit actions and
report drafting/formatting.

Work distribution
Following team introduction, the team leader will assign responsibilities for writing sections of the
audit report to individual team members, depending their specific expertise.
Team management
Team members are normally paired in relation to the expertise of individuals and the assigned tasks.
Each pair makes its individual programme of document reviews, visits and interviews. Following this
preparation, further team meetings will confirm plans and eliminate possible overlaps or omissions in
the audit scope.
Facility/activity visits
It is useful, early in the programme, for the whole team to visit the main audited location as a group,
accompanied by the auditee or his delegate. This will help the audit team gain an overview and allow
the more experienced auditors in the team to identify "leads" to the less experienced members.
Individual auditor visits will be conducted at a later stage in the audit.
Documentation of facts/findings
As the audit progresses, team members should document and verify their findings and formulate
remedial actions. Frequent team meetings should be held to allow team members to share findings,
use team expertise in defining actions, discuss issues, identify underlying root causes and define the
recommendations of a broader nature.
Audit report contents

The standard report contents for SIEP-led audits conducted in accordance with EP 95000
methodology is given in Appendix 2. The report index is essentially structured in line with
the elements of the model HSE-MS and is subdivided to facilitate the assessment process.
The report comprises:
Chapter 1: the executive summary including main audit findings and assessment results.
Chapter 2: audit administration details including TOR and audit follow-up.
Chapter 3: the generic elements of the HSE-MS, applicable to all types of HSE-MS audit.
Chapter 4: the elements specific to the audit type.
Where available, HSE-MS and HSE Case documentation will be key reference material for both audit
review and report documentation. The standard index of report Chapters 3 and 4 may, if necessary, be
adjusted to meet the specific scope and requirements of the audit. The proposed listing is designed to
provide comprehensive coverage when used in conjunction with the questionnaires in 'Auditkit' and
significant variation should be unnecessary.
Report drafting
One or more drafts of the audit report may be made and distributed among the team to promote
cohesion, identify gaps, eliminate overlaps and improve structure and quality of the document. Team
members should be encouraged to discuss their drafts with appropriate staff within the audited
organisation in order to improve quality and transparency of their findings and recommendations,
minimise later misunderstanding and maximise buy-in to the audit results.
Certain parts of Chapters 3 and 4 are interlinked and care is required to avoid duplication. The
detailed audit findings and recommendations should be given in Chapter 4 whereas Chapter 3 should
focus on the root causes and recommendations related to the findings of Chapter 4.

6 Perform audits
Audit recommendations
Particular attention will be required to ensure that audit recommendations are stand-alone and
SMART - Specific, Measurable, Achievable, Realistic and Time-based. The audit team may include
views on required urgency, but defining the implementation timing of individual audit
recommendations remains an auditee responsibility.
All audit recommendations will be classified in accordance with the definitions of the IAG
(Ref. 1) for rating of weaknesses. In an HSE context these are translated as follows:
Weakness Level Definition
Serious A serious weakness exposes the company to a major extent in terms of achievement of the
corporate HSE objectives or results.
High A high weakness is one which, though not serious, is essential to be brought to the attention of
the senior management team. This should also include any otherwise medium weakness which is
a repeat finding from a previous report.
Medium A medium weakness could result in a perceptible and undesirable effect on achievement of HSE
objectives.
Low A low weakness has no major HSE impact at the process level but nevertheless its correction
will assure greater effectiveness/efficiency in the process concerned.
In experiencing difficulty in establishing weakness levels, weaknesses may be ranked in terms of the
expected impact, and dividing lines may be drawn to establish precise cut-off points. Classification
should preferably be based on team consensus, but ultimate accountability for classification lies with
the audit leader.
All observations of weaknesses leading to recommendations will be detailed in the audit report. The
recommendations subsequently classified as 'low' will be excluded from the audit report and will be
issued as an audit memo from the audit leader to the auditee. The memo will be appended to the audit
report.
Weaknesses are classified as part of the audit process to assist auditors in arriving at the assessment of
the individual HSE-MS elements and the subsequent overall audit result. Auditee disagreement with
the documented classifications should not preclude timely close-out of the audit recommendations
inclusive of documented audit trail.
6.4 Finalisation of the Audit

Report editing
The final draft report should be reviewed and agreed by all team members. The most effective method
for this is a team editing session in which the report is projected from a word processor onto a screen
visible to the whole team. Each section is then reviewed in its entirety and issues are discussed with
the objective of obtaining unanimous agreement on final report text with each member offering his
comments. Audit leaders shall have editorial control and a deciding vote in case of disagreements.
Editing may be conducted "on line" as the session progresses.
Audit assessment of level of controls

One of the final stages in completing the audit is the delivery of an audit opinion on the level of
control for the individual elements of the model HSE-MS. Whereas the model contains 8 elements
this assessment is conducted along 10 elements which are as follows:
1 Leadership and Commitment

2 Policy and Strategic Objectives

3 Organisation and Responsibilities
4 Resources and Competence Assurance
5 HEMP
6 Planning
7 Standards, Procedures and Document Control
8 Implementation and Monitoring
9 Audit
10 Management Review
Appendix 3 details the rationale for selection of these elements from the model HSE-MS.

6 Perform audits
The assessment terminology in the IAG (Ref. 1) is as follows:

Audit Opinion Level of concern Inference for senior management
Good Specific No follow-up required by auditee's function head (IAC) member.
Fair Overall scope for In addition to following up correction of any high or medium weaknesses the
enhancement function head should encourage general improvement in control awareness.
Unsatisfactory Overall cause for In addition to following up correction of any high or medium weaknesses the
concern function head should take affirmative action to ensure that control standards in
this area are raised.
Unacceptable Overall cause for In addition to following up correction of serious, high or medium weaknesses
grave concern the function head should satisfy the senior management team concerning
affirmative action to raise control standards in this area.
The existing four point scale currently used in SIEP-led HSE audits is essentially equivalent to the
IAG terminology. Its precise wording has been formulated to improve focus and clarity of the audit
statement and as such it will be retained as follows:
Audit Opinion Inference for senior management

++ A high standard of control requiring no additional management attention.
+ A high enough standard of control for improvements to be handled by the normal management
involvement.
- Essential controls are in place, but deficiencies require focused management intervention.
-- Essential controls are missing or ineffective. Prompt management action is needed.
Having read the draft audit report in detail, and having participated in the report editing sessions and
the classification of weaknesses and recommendations, each team member should make his own
assessment of each element. An audit assessment questionnaire, an example of which is provided in
'Auditkit', may be used to structure this process. The results should then be debated within the team
until a consensus is achieved, although ultimate accountability for assessment lies with the audit
leader.
To arrive at the audit opinion on the overall level of control for the subject area, any HSE-MS element
assessed to be 'double negative' will result in an 'unsatisfactory' audit.
Main findings
Having completed the assessment of the HSE-MS elements and concluded the overall audit result, the
Main Findings should be drafted by the leader and reviewed and agreed within the team. Where
possible they will highlight root causes for the observed deficiencies. They should be communicated,
together with HSE-MS element assessment and the audit opinion, to the auditee not later than the end
of the working day preceding the concluding presentation of the audit results. Whilst the content of
the Main Findings is determined and agreed by the team, the leader should agree the factual
correctness and discuss the precise wording with the auditee.
Every effort should be made to provide the auditee with a preliminary draft report to assist in
understanding the context of the Main Findings.
Final presentation
With the final draft report complete, a formal presentation should be given to the auditee by the team
leader, in the presence of the whole audit team. The presentation should be a factual summary of the

findings, key recommendations and assessment results.

Selection and invitation of the audience is an auditee responsibility but should include the auditee's
immediate supervisor or manager. Other interested managers and staff may attend.
Although preferably conducted by the auditee following the audit, the audit leader, at auditee request,
may give additional presentations to auditee's subordinate staff and/or contractors.
Issue of final draft and final report

A copy of the final draft of the audit report should be handed to the auditee before the team leader
leaves the OU. The formal report should be issued within one month, a copy will be registered in the
EP library with access determined by the OU.

7 Apply results
7 Apply Results
With reference to Chapter 2, application of audit results is not strictly part of the IAPM process.
However, with reference to Appendix 1, SIEP-led HSE audits specifically include assessment of the
implementation or application of the recommendations of previous independent audits. As such it is
covered in this manual in outline.
Internal to OU
The process of translating audit recommendations into agreed actions assigned to an action party is an
OU responsibility. Assigning an audit follow-up co-ordinator is a widely adopted and successful
approach. The follow-up process should itself be auditable and an OU register of deficiencies and
corrective actions ensures that deficiencies are not overlooked and allows overall prioritisation.
Subsequent decisions should be recorded, including decisions to do nothing or change action parties.
Periodic reports are needed to keep the register up-to-date and inform management. A multi-user
access tracking system will allow OU staff to update and check status and reduces the amount of
unread information in circulation. It will also assist auditors in verifying that audit follow-up is
adequately managed.
Where a deficiency has been found in one part of the OU and corrective action recommended, the
audit follow-up co-ordinator must consider the broader significance and if lateral corrective action
may be needed e.g. if an operational audit has identified a weakness in the application of permits to
work in one operational unit, other operational units should be checked for the same weakness.
Verification of lateral application of audit recommendations should be a key element in the scope of
all audits.
External to OU
In conducting HSE audits SIEP staff will identify issues and practices which warrant communication
to other OUs. In finalising the audit the SIEP audit leader will highlight these to OU management and
request approval for SIEP dissemination of this information. Having obtained OU approval, the SIEP
audit leader is responsible for ensuring that the relevant SIEP organisation is alerted to this
information.


8 Monitor follow-up
8 Monitor Follow-Up
Monitoring of audit follow-up is an OU responsibility. However, with reference to the guidelines
provided in Appendix 1, SIEP-led HSE audits specifically include assessment of the follow-up to
recommendations of previous independent audits. As such it is covered in this manual in outline.
Further guidance is provided in the IAG (Ref. 1).
The IA Department should maintain a register of audit recommendations in which the status
of each OU open action is regularly updated. The following may serve as a guideline:
Completed One off items physically completed.
Continuing items instructions issued and actioned for the first time
Rejected The objective is not accepted and the authorised variance detailing the reasoning has been
documented.
Varied The same objective is to be achieved by a different route; should identify whether it is
"agreed" or "completed".
Agreed Specification of action has been decided, and expenditure has been authorised and
instruction to go ahead to completion given.
Study Not yet categorised.
A summary of the status of open audits should periodically be presented to the IAC who will assess
the adequacy of follow-up activity and expedite any necessary OU remedial action. Responsibility for
taking the necessary action, however, should remain with the line, completed actions should be
formally documented and signed-off by persons of appropriate seniority. Documentation of closed-out
items should be retained for possible inspection during subsequent audits.
With reference to the guidelines in Appendix 1, approved justifications of variations or rejections of
recommendations from SIEP-led audits will be copied to the audit team leader to avoid
misinterpretation of recommendations. There is no further requirement to report routine audit follow-
up details to the SIEP audit leader.


9 Analyse and improve process
9 Analyse and Improve Process

Analysis of the audit process and implementation of improvements is an OU responsibility. However,
in the context of the HSE-MS element Management Review, SIEP-led HSE audits may include a
review of this IAPM element. As such it is covered in this guideline in outline, further guidance is
provided in the IAG (Ref. 1).
Annual reviews of all HSE audit activity conducted in each OU, by OU and SIEP, should be made
within the respective organisations. These reviews should include analysis of:
 numbers and types of audits conducted,
 overall audit results i.e. satisfactory/unsatisfactory,
 audit results of HSE-MS element assessment,
 findings (to identify commonly recurring deficiencies),
 audit participation by various departments,
 audit training conducted,
 changes in the available auditing skills pool, and
 costs.
The results of each such review should be included in an annual report. Review of this report should
be an integral element of the IA improvement process.
A supervisory review of each audit provides material for a periodic review of the way audits are
conducted in house. Especially in those OUs where HSE audits are part of the role of Internal Audit,
the HSE function should be involved in these supervisory reviews.
In addition to audits, incident investigations may also identify areas where controls need to be
improved, or where the audit process needs to verify effectiveness of the HSE management process.
Each incident should be reviewed to decide whether an audit before the incident could have identified
the deficiencies. Failing to do this may require the scope of the HSE audits to be extended.
Other assessments of the audit process come from SIEP-led HSE audits and Business Control
Reviews. There is also an increasing involvement of outside bodies in setting standards for audits and
auditors, particularly in the environmental area (EU Environmental Management and Audit
Regulation - EMAS - Ref. 6). In general, the requirements set out in EP 93-1600 (Ref. 7) and this
guideline exceed external requirements, although additional documentation may be required for
formal compliance.
Changes to the audit process need to be endorsed by the OU IAC and formalised by updating the OU
audit manual.


10 Assess overall control framework
10 Assess Overall Control Framework

Assessment of the overall control framework is an OU responsibility. However, in the context of the
HSE-MS element Management Review, SIEP-led HSE audits may include a review of this IAPM
element . As such it is covered in this guideline in outline, further guidance is provided in the IAG
(Ref. 1) and the EP Business Governance guide (Ref. 8).
The OU IAC should review the outcome of the year's HSE audits together with the results of other
audits, reviews, incident investigations and management inspections to see if there are common
underlying control problems which need action at high level across the company. Areas of weakness
should be correlated with elements of OU HSE-MS with a view to appropriate corrective action.


11 Initiate improvements to framework
11 Initiate Improvements to Framework

As indicated in Chapter 2, this element of the IAPM is not strictly part of the IA process. It is a top-
level management activity performed in relation to all audits and reviews conducted in the business. It
is mentioned in this manual only to illustrate the continuity in the overall process of dealing with
audits. Detailed guidance is provided in Internal Audit Guidelines (Ref. 1).


12 Manage staffing and administration
12 Manage Staffing and Administration
12.1 Staffing
Within SIEP, the SBS Directorate maintains a pool of qualified HSE audit leaders to assist
OUs conduct their audit programmes. The SIEP HSE audit leaders occupy their positions for
a period of 2-3 years as part of their career development. Prerequisites for SIEP audit leaders
are as follows:
 minimum level JG2,
 CEP paralleling the current JG level of potential auditees,
 at least 15 years experience relevant to the types of audit that they will conduct,
 technical/operational HSE management experience,
 sound interpersonal and communication skills, and
 qualities of independence, objectivity and analysis.
Prior to leading audits, SIEP audit leaders will undergo training including the following:
 Technical Audit course (EP04),
 Managing HSE in the Business Course (V2FA),
 Helicopter Underwater Escape Training (HUET) (periodically renewable),
 Basic Offshore Survival Training (periodically renewable), and
 participation in two HSE audits led by competent SIEP audit leaders.
Suitably qualified SIEP staff will be made available to participate in SIEP-led audits in accordance
with resourcing plans as agreed with EPS-HE at the start of the activity planning period. SIEP audit
leaders are responsible for nominating and approving individual SIEP staff who, in addition to having
suitable audit scope related experience, should be JG3 or higher although a JG4 may exceptionally be
included. They should attend the Technical Audit Course prior to participation in their first audit.
Selected SIEP staff will be communicated to OU auditees, highlighting relevant experience and
selection criteria used.
Following similar principles, OUs should have a means to identify line staff suitably qualified to
participate in SIEP-led HSE audits. Approval of nominated OU staff for participation in SIEP-led
audits is a joint responsibility of auditee and SIEP audit leader.
12.2 Administration
The SIEP audit leader should prepare a budget in advance of each SIEP-led audit which covers all
SIEP costs, including preparation time, travel and accommodation. The budget should be formally
approved by EPS-HE. Overall SIEP related audit cost will be communicated to the auditee prior to
commencing the audit. On completion of the audit, excessive variation (>10%) from the budget
should be justified by the audit leader.
The audit leader is responsible for maintaining audit correspondence files from inception until two
years following completion of the audit. The audit leader will register a copy of the audit report in the
EP library where it will be retained indefinitely. The reports may provide benchmarks in monitoring
the development of the facility or activity concerned and evidence of an active search for deficiencies.
Access to the reports will be specified by the OU.

APPENDIX I
GUIDELINES FOR THE APPLICATION OF HEALTH,
SAFETY AND ENVIRONMENTAL (HSE) AUDITING
Endorsed by the HSE Advisers Panel,July 1996
(Original was signed by the Chairman, R. Laufs, PXE)
1 Introduction
1.1 General
HSE issues can give rise to major business risks. The Health, Safety and Environment Management
Systems (HSE-MS), which are currently being implemented by Group companies, should include
well structured HSE audit systems. Auditing forms an important element in systems designed to
monitor, manage and contain HSE issues.
The roles and responsibilities for HSE Auditing in Shell were first outlined in the note from HSE to
Co-ordinators dated 2 November 1987. These have been refined with experience and discussion and
the principles stated by Legal in the context of Operating/Service Company relationships.
The reorganisation of the Service Companies (ServCos) entails some modification to the interplay
between the various parties involved in HSE audits. The basic principles underlying HSE audits
remain unchanged. For the sake of clarity, they are summarised in this note.
1.2 Intent
These corporate guidelines provide the basis for establishing individual HSE audit policies and plans
for Operating Companies (OpCos) and are intended for General managers and senior managers
accountable for OpCo HSE performance or involved in HSE auditing.
The guiding principle for HSE audits is that it is an OpCo management responsibility to conduct or
have conducted HSE audits1) . The BusComs will monitor that OpCos have a structured programme
for HSE audits in place.
These Guidelines on HSE Auditing are consistent with Group Internal Audit Guidelines.
1.3 Purposes of HSE audit

The overriding purpose of HSE auditing should be to provide OpCo management a systematic and
independent assessment of the consistent and effective implementation of the HSE-MS. The HSE
audit process should enable OpCo management to ensure that potential or actual flaws are remedied
through effective follow-up action. BusComs will monitor this (in their shareholder role) and may
insist that follow-up action is completed or improved where necessary.
1.4 Role of Service Company (ServCo) as auditor

OpCos will usually engage HSE advisers in the Service Companies to conduct independent HSE-MS
audits2) . This will take place under the umbrella of a Service Agreement (as the case may be, a
1 ) H SE audits of joint ventures will depend on the contractual arrangements, in particular the extent of
involvement of Shell companies or staff in the operation or management of the joint venture, as covered in
Associated Company Guidelines.
2 ) Independent HSE-MS audit has been used here to mean an HSE audit of a Company earned out by a

Appendix I
Guidelines for the Application of Health, Safety and Environmental (HSE) Auditing
general Technical Service Agreement or an ad hoc agreement).

The role of ServCo staff as auditor in respect of follow-up action will be as agreed between the OpCo
and ServCo. Where necessary, the BusCom will insist that it is the OpCo's responsibility to take
remedial action.
2 Criteria
Due diligence requires that:
 HSE auditing shall be a responsibility of the management of each OpCo.
 hareholders will expect OpCos' audit programmes to include independent HSE audits.
 The depth and frequency of HSE audits will be based on an assessment of the various HSE
risks.
 Terms of reference, scope, objectives and time-table shall be agreed and specified.
 The competence of auditors shall be assured and verified.
 The audit report shall be a formal and independent document.
 Specificity and transparency of the audit shall be the key.
 Findings shall be detailed and effective.
 Follow-up actions shall be defined and secured.
 Monitoring of follow-up shall be an integral part of the auditing process.
3 Application
Each of the criteria is expanded below, to explain how it should be met.
3.01 HSE auditing shall be a responsibility of the management of each

OpCo
The OpCo shall have an explicit HSE audit policy and plan covering all activities and carried out to
specified standards. The numerous differences of activities in the OpCos may result in a wide range of
approaches. OpCo HSE audit guidelines shall cover how the frequency of HSE audits is to be
determined. Audit frequency for an activity shall not be longer than 5 years. The OpCo integrated 5
year plan, including HSE audits shall be reviewed by the BusCom.
3.02 Shareholders will expect OpCos' audit programmes to include

independent HSE audits
The OpCo's internal HSE audit procedures shall be reviewed as part of Group Business Control
Reviews for adequacy and effectiveness. OpCo management should plan and carry out internal
assessments of HSE audit effectiveness and be audited/appraised on this process.
OpCo audit guidelines will identify the proportion of the total HSE audits to be independent audits,
within BusCom guidelines. A formal agreement between the OpCo and ServCo or external auditors
shall be in place covering responsibilities, liabilities and the criteria used for the audit, and be cited in
body which is not part of that Company. It covers OpCo audits led by either a ServCo (functional audit) or
by a non-Group organisation (external audit) An independent audit may benefit from the inclusion of Opco
staff in the team but the lead auditor, his team composition and the audit standards and technique followed
should be selected by the auditing organisation

the audit report.

Independent audits shall verify the internal HSE audit process, testing reports, working files and
implementation control, with sufficient sampling of operations to test effectiveness. OpCos too small
for effective internal audit shall make use of independent auditors.
To qualify as one of the required independent HSE audits, the standards of an external audit shall be
compatible and comparable with BusCom standards. HSE audits which may be imposed by external
authorities should be integrated in the plan to avoid unnecessary duplication but must meet the Group
standard in order to qualify as an independent audit. In exceptional cases, where provided for by
Agreements, shareholders may carry out Shareholder HSE Audits(e.g. in Joint Ventures).
3.03 The depth and frequency of HSE audits will be based on an

evaluation of the various HSE risks
The objective of HSE auditing is to provide reasonable assurance to management that HSE risks have
been identified and an appropriate framework of controls is in place and effective. These guidelines
cover the integrity of the audit system and the professionalism of the auditing; but how the audit
system is applied to the various business activities depends on analysis of the HSE risks of those
activities.
All business processes should be periodically audited, and the frequency and depth of HSE auditing of
a particular activity should be appropriate for the degree of potential HSE risk. Audit frequencies shall
also be related to the findings of previous audits.
In many OpCos a formal HSE-MS, with HSE Cases for critical activities, is the mechanism for such
identification and control of risk and HSE audit is an important part of any HSE-MS. Until HSEMS is
effectively in place, HSE audits should be programmed to provide assurance that the HSE risks are
being effectively managed.
Only OpCo management can fully assess their local circumstances and select the appropriate
frequency and depth of auditing appropriate for each activity. This selection shall be formal and
transparent, and shall be regularly reviewed to take account of experience of incidents and changes in
the OpCo's environment. An audit cycle should not be longer than five years as in that time major
changes may have taken place and the consequences for the integrity of the control framework need to
be verified.
Having established the total long term audit plan, the OpCo should identify the proportion to be
independent audits as opposed to internal audits, within such guidelines as may be issued by the
BusCom. These audits provide independent verification of the effectiveness of the OpCo HSE-MS,
including internal HSE audit, and the strength of the framework of control.
The OpCo also needs to assess the level of control it has, which is related to work force attitude,
degree of supervision, geographical scatter, communications and the quality of business controls in
place as evidenced by previous audits. At the same level of risk a low level of control requires a
higher frequency or intensity of audit.
3.04 Terms of reference, scope, objectives and time-table shall be agreed

and specified
An OpCo audit standard shall specify terms of reference, scope, objectives and timetable for typical
internal audits. Variations from this for a specific audit shall be formally agreed by the OpCo Internal
Audit Committee (IAC) and auditee before the audit starts.
The audit standard set by BusCom for terms of reference, scope, objectives, and timetable will be
followed for ServCo led audits except where specific variations have been agreed beforehand by both
the OpCo IAC and ServCo team leader.
The minimum standard for HSE management systems shall be compliance with statutory

Appendix I
requirements, Group Policy and other corporate Group Guidelines and OpCo standards.
The OpCo HSE Management System scope and content shall be assessed by comparison with the
Group model, including control of technical integrity. Its effectiveness shall be assessed against
BusCom's HSE Management System objectives.
3.05 The competence of auditors shall be assured and verified

The OpCo shall have explicit standards for the audit qualifications of leaders of internal HSE audits
and for the technical expertise of team members. The selection of leader and team members shall
ensure independence of the audited activity. The OpCo standard audit technique shall be consistently
followed.
HSE audit leaders shall be qualified to Group standards including training in the standard audit
technique recommended by BusComs.
Feedback on the quality of audit execution, reporting and recommendations will be included in the
competence assurance of audit leaders. The auditee's supervisor feedback shall be solicited on audit
effectiveness.
3.06 The audit report shall be a formal and independent document.

Internal audit reports shall be OpCo documents in standard format with controlled circulation and
filing.
Independent audit reports shall be Company to Company documents with the status of formal advice
from the lead auditor's organisation. The OpCo may comment on the draft report, through its
members of the team or through the auditee to the team leader but cannot override the teamleader's
responsibility for the final report.
For both internal and independent HSE audits, the report shall be agreed by all the team members,
though audit leaders shall have editorial control and a deciding vote in case of disagreements.
3.07 Specificity and transparency of the audit shall be the key

The audit shall provide an audit trail, either maintaining a confidential working file of evidence to
support the findings and recommendations of the report or using the full text format, with samples,
findings and deficiencies complete in the report. The report shall identify all significant deficiencies
against standards, and recommendations shall be as specific as the expertise of the team allows. Each
recommendation shall be uniquely identified, and prioritised.
The report shall provide an overall rating of HSE controls against specific standards using a defined
technique.
3.08 Findings shall be detailed and effective

The system failure, as well as the immediate cause of each deficiency, shall normally be identified
and corrective action detailed.
Deficiencies shall be systematically related to weaknesses in the management system, and major
deficiencies shall be analysed in a consistent summary form for the OpCo.
Each recommendation for action shall be discrete, specific, clear, realistic and measurable as to its
completion.
3.09 Follow-up actions shall be defined and secured

An internal control system shall maintain an audit trail, recording the change of status of each
outstanding recommendation until all recommendations are closed out to the Internal Audit

Committee's (IAC) satisfaction. The line shall formally approve or reject justifications for rejecting or
varying audit recommendations. Periodic internal audits of the implementation process will be
included in the plan.
Approved justifications of variations or rejections of independent audit recommendations will be
copied to the audit teamleader to avoid misinterpretation of recommendations.
Independent audits will include assessment of the implementation of the recommendations of
previous independent audits.
3.10 Follow-up shall be an integral part of the auditing process

An OpCo follow-up co-ordinator shall be nominated for every audit. Regular collated implementation
progress reports shall be sent to the IAC or included in the OpCo Management Information Systems
(MIS). The IAC shall review the progress of implementation at each meeting and shall provide a
mechanism for the identification and implementation of lateral action within the OpCo.
BusComs will monitor the implementation progress for independent audits, as a minimum reviewing
numerical progress reports annually. The BusCom audit committee shall review overall
implementation progress by each OpCo annually and provide a mechanism for identification and
implementation of learning points between OpCos.
July 1996

Appendix I

APPENDIX II
HSE-MS AUDIT REPORT - MODEL CONTENTS LISTING
1 EXECUTIVE SUMMARY
1.1 Introduction
1.2 Scope
1.3 Main findings
1.4 Audit opinion
2 AUDIT ADMINISTRATION
2.1 Terms of reference

2.1.1 Objective
2.1.2 Scope
2.1.3 Standards
2.1.4 Auditee
2.1.5 Methodology
2.2 Follow-up to the audit

2.2.1 Approach
2.2.2 Classification of actions
2.2.3 Classification of follow-up progress
3. HSE MANAGEMENT SYSTEM
3.1 Leadership and commitment

3.1.1 Management leadership and commitment
3.1.2 Leadership and commitment in the line
3.2 Policy and strategic objectives

3.2.1 HSE policies
3.2.2 Strategic objectives
3.3 Organisation and responsibilities

3.3.1 Organisation structure
3.3.2 Definition of responsibilities and empowerment
3.3.3 Relations with authorities
3.3.4 Management of change
3.4 Manpower resources and competence assurance

3.3.1 Manning levels
3.3.2 Definition and verification of competence requirements
3.3.3 Training

Appendix II HSE-MS Audit Report - Model Contents Listing
3.3.4 Staff experience and turnover
3.5 Hazards and effects management process

3.5.1 Hazard identification and assessment
3.5.2 Risk reduction and demonstration of ALARP
3.5.3 Management of residual hazards and effects
3.5.4 HSE Case
3.6 Planning
3.6.1 Corporate level planning
3.6.2 Process level planning
3.6.3 Activity and task level planning
3.6.4 Contingency and emergency planning
3.7 Standards, procedures and document control

3.7.1 Standards and legislation
3.7.2 Procedures
3.7.3 Contracting standards and procedures
3.7.4 Management of change
3.7.5 Document control
3.8 Implementation and monitoring

3.8.1 Activity and tasks
3.8.2 Monitoring and records
3.8.3 Non-compliance and corrective action
3.8.4 Incident investigation reporting
3.8.5 Communication and motivation
3.9 Audit
3.9.1 Corporate auditing
3.9.2 Departmental and contractor auditing
3.9.3 Audit follow-up
3.10 Management review

3.10.1 Review and inspection programme and follow-up
3.10.2 Review of external factors

4 HSE IN THE BUSINESS

This section of the report is specific to the audit type. The audit leader should therefore select
the correct listing for Section 4 from the selection shown below:
Audit Type
Facilities (incl start-up) Appendix 2a
Seismic Appendix 2b
Drilling Appendix 2c
Environmental Appendix 2d
Occupational Health Appendix 2e

Appendix II HSE-MS Audit Report - Model Contents Listing

APPENDIX IIa
SECTION 4 - FACILITIES AUDITS
4.1 Containment
4.1.1 Wells, flowlines and manifolds
4.1.2 Process systems
4.1.3 Flaring and venting systems
4.1.4 Drains systems
4.1.5 Pipelines
4.1.6 Product storage and loading facilities
4.1.7 Inspection and corrosion management
4.1.8 Emission control, effluent and waste management
4.2 Control of ignition

4.2.1 Layout, equipment spacing and Hazardous Area Classification (HAC)
4.2.2 Electrical equipment and systems
4.2.3 Fired heaters and combustion engines
4.2.4 Access control and security
4.3 Safeguarding systems

4.3.1 General controls
4.3.2 Control, alarm and shut-down systems
4.3.3 Pressure relief equipment
4.3.4 Blowdown systems
4.3.5 Gas detection (flammable and toxic)
4.3.6 Smoke, heat and fire detection
4.3.7 Leak detection
4.4 Operator/process interfaces

4.4.1 Wells, process and facilities surveillance
4.4.2 Plant buildings and control room
4.4.3 Telecommunications equipment
4.5 Personnel emergency services

4.5.1 POB control and emergency induction
4.5.2 Emergency escape, evacuation and drills
4.5.3 Medical and first-aid facilities
4.6 Fire hazard management

4.6.1 Policy, procedures and plans
4.6.2 Passive fire protection facilities
4.6.3 Fixed fire protection and firefighting facilities
4.6.4 Mobile and portable firefighting facilities
4.6.5 Firefighting preparedness
4.7 Workplace practices

Appendix IIa Section 4 - Facilities audits
4.7.1 Permit To Work (PTW) system

4.7.2 Maintenance
4.7.3 Isolation practices
4.7.4 Process interlocking control practices
4.7.5 Housekeeping
4.8 Occupational health

4.8.1 Health risk assessment
4.8.2 Noise and vibration
4.8.3 HVAC and lighting
4.8.4 Radiation heat stress
4.8.5 Ergonomics
4.8.6 Materials selection and handling
4.8.7 Accommodation and sanitation
4.8.8 Personnel protection equipment
4.8.9 Welfare provisions
4.9 Transport and logistics

4.9.1 Land transport
4.9.2 Marine transport
4.9.3 Air transport
4.9.4 Cranes and lifting equipment
4.10 HSE in engineering

4.10.1 Design reviews and HAZOP
4.10.2 Environmental and social impact
4.10.3 Occupational health in facilities design
4.10.4 Construction and commissioning
4.10.5 Purchasing controls
4.10.6 Technical documentation and records
4.10.7 Change and variance control

APPENDIX IIb
SECTION 4 - SEISMIC AUDITS
4.1 Health
4.1.1 Health Risks Assessment (HRA)
4.1.2 Risk control measures
4.1.3 Medical checks
4.1.4 Medical records
4.1.5 Health promotion
4.1.6 Medevac response
4.2 Environmental effects and control

4.2.1 Environmental Assessment (EA) process
4.2.2 Seismic land operations effects and controls
4.2.3 Waste management
4.2.4 Spill control
4.2.5 Marine operations effects and control
4.2.6 Impact of operations on local communities
4.3 Land operations base camps

4.3.1 Camp access and lay out
4.3.2 Kitchen
4.3.3 Electrical systems
4.3.4 Workshop
4.3.5 Fuel handling
4.4 Security
4.5 Transport in land operations

4.5.1 Scope and resources
4.5.2 Safety features and equipment
4.5.3 Maintenance
4.5.4 Personnel selection, training and control
4.5.5 Journey management and procedures
4.5.6 Operating procedures
4.6 Emergency equipment

4.6.1 Communications
4.6.2 Firefighting
4.6.3 Maritime emergencies
4.7 Seismic line operations (land)

4.7.1 General seismic line safety
4.7.2 Surveying and line cutting
4.7.3 Drilling
4.7.4 Recording

Appendix IIb Section 4 - Seismic audits
4.8 Explosives storage and handling

4.8.1 Storage
4.8.2 Record-keeping, distribution and handling
4.8.3 Transport to field
4.8.4 In field storage, distribution, handling
4.8.5 Shot hole loading
4.8.6 Shooting
4.8.7 Misfires
4.9 Marine vessels

4.9.1 General
4.9.2 Vessel maintenance
4.9.3 Uncontrolled hazards and housekeeping
4.9.4 Chase vessel
4.9.5 Firefighting
4.9.6 Life saving equipment and procedures
4.9.6 Shore based logistics
4.10 Marine Seismic Operations

4.10.1 Use of small boats
4.10.2 Back-deck operations

APPENDIX IIc
SECTION 4 - DRILLING AUDITS
4.1 Well Control

4.1.1 Technical well design
4.1.2 BOPs
4.1.3 Accumulator unit
4.1.4 Choke manifold
4.1.5 Mud-gas separator
4.1.6 Degasser
4.1.7 Well control procedures
4.1.8 Kick drills and stripping exercises
4.1.9 Emission control
4.1.10 Simultaneous (concurrent) operations
4.2 Control of Ignition

4.2.1 Hazardous Area Classification (HAC)
4.2.2 DC motor blowers
4.2.3 Electrical equipment
4.2.4 Portable electrical equipment and power supply
4.2.5 Generator, motor and compressor rooms
4.3 Detection, alarms and shut-down systems

4.3.1 Fire detection
4.3.2 Flammable gas detection
4.3.3 H2S detection
4.3.4 Fire and general alarms
4.3.5 ESD systems
4.3.6 Ballast / control room
4.4 Rig equipment

4.4.1 Rig specifications and modifications
4.4.2 Location design / restoration
4.4.3 Slush pumps and mud system
4.4.4 Derrick, hoisting and rotary equipment (including topdrive)
4.4.5 Auxiliary brake
4.4.6 Rig floor equipment
4.4.7 Driller's console
4.4.8 Winches
4.4.9 Pressurised tanks
4.5 Lifesaving, fire protection and firefighting facilities

4.5.1 Firefighting facilities
4.5.2 Evacuation and escape plan
4.5.3 First aid and medical facilities
4.5.4 Emergency generator

Appendix IIc Section 4 - Drilling audits
4.6 Workplace procedures

4.6.1 Permit To Work (PTW)
4.6.2 Personal Protective Equipment (PPE)
4.6.3 Toolbox meetings
4.6.4 STOP, UAA and JSA
4.6.5 Deficiency register
4.6.6 Maintenance
4.6.7 Change control
4.6.8 Housekeeping
4.6.9 Waste management
4.6.10 Chemical management
4.7 Occupational health

4.7.1 Noise
4.7.2 Chemicals
4.7.3 Lighting
4.7.4 Accommodation
4.7.5 Eye wash and deluge facilities
4.7.6 Radioactive sources
4.8 Transport and materials handling

4.8.1 Land
4.8.2 Marine
4.8.3 Air
4.8.4 Cranes and lifting equipment
4.8.5 Forklift truck
4.9 Service contractors

4.9.1 Mud engineering
4.9.2 Electric wireline logging
4.9.3 Cementing and pumping services
4.9.4 Mud logging
4.9.5 Integrated services

APPENDIX IId
SECTION 4 - ENVIRONMENTAL AUDITS
4.1 Environmental Assessment (EA)

4.1.1 General
4.1.2 Role of the Environmental Advisor
4.1.3 Consultation
4.1.4 The EA process
4.1.5 Identification of hazards and effects
4.1.6 Evaluation of controls
4.1.7 Management controls
4.2 Social impact assessment

4.2.1 Demographic impacts
4.2.2 Socio-economic impacts
4.2.3 Health impacts
4.2.4 Impact on social infrastructure and resources
4.2.5 Psychological and cultural community impacts
4.2.6 Mitigation and monitoring
4.3 Waste management

4.3.1 Management systems
4.3.2 Responsible disposal
4.3.3 Control and monitoring
4.3.4 Applied practices
4.4 Effluent control

4.5 Emission control

4.6 Logistics and materials

4.6.1 Transport
4.6.2 Chemicals and hazardous materials
4.7 Engineering
4.7.1 Project management
4.7.2 Design
4.7.3 Construction/commissioning

Appendix IId Section 4 - Environmental audits
4.8 Decommissioning, abandonment, restoration

4.8.1 Legislation, planning and evaluation
4.8.2 Program implementation
4.8.3 Monitoring
4.9 Contingency planning and preparedness

4.9.1 Policies and plans
4.9.2 Oil spills
4.9.3 Other environmental emergencies

HSE Manual EP 95-0130 Appendix IIe Section 4 - Occupational health audits
APPENDIX IIe
SECTION 4 - OCCUPATIONAL HEALTH AUDITS
4.1 Health risk assessment

4.1.1 Chemical agents
4.1.2 Physical agents
4.2 Health risk control

4.2.1 Engineering controls
4.2.2 Procedural controls
4.2.3 Personal protective equipment
4.3 Human factors (ergonomics)

4.3.1 Management of ergonomics
4.3.2 Implementation at the workplace
4.3.3 Working hours / working cycles
4.4 Life style

4.4.1 Alcohol and drugs abuse
4.4.2 Smoking
4.4.3 AIDS
4.4.4 Fitness standards
4.5 Public health (living environment)

4.5.1 General housing and living facilities
4.5.2 Sanitary facilities
4.5.3 Catering and food hygiene
4.5.4 Drinking water
4.5.5 Pest and vector control
4.5.6 Disease prevention
4.5.7 Environmental health (community health)
4.6 Health surveillance and monitoring
4.7 Medical emergency response and treatment facilities (recovery)

4.7.1 Medical emergency plan and first-aid procedures
4.7.2 Company facilities
4.7.3 External facilities
4.8 Health promotion
4.9 Record keeping and reporting

4.9.1 Health performance reporting
4.9.2 Incident investigation
4.9.3 Records and analysis

Appendix III HSE-MS Assessment elements
APPENDIX III
HSE-MS ASSESSMENT ELEMENTS
Audit results should, in principle, be based on the assessment of the elements of the model
HSE-MS which are as follows:
3 Organisation, Responsibilities, Resources, Standards and Documentation
4 HEMP
5 Planning and Procedures
7 Audit
8 Management Review
To aid a balanced assessment the following factors require consideration:

 The third element "Organisation, Responsibilities, Resources, Standards and
Documentation" covers too large a part of the HSE-MS and audit scope and requires
further breakdown.
 The fifth element "Planning and Procedures" contains two separate and important subjects
which merit separate assessment.
 Experience has shown that standards and procedures are frequently integrated within the
same documents (a typical example being the "Safety Manual"). To avoid audit teams
wasting time discussing whether a particular document is a standard or procedure,
standards and procedures need to be assessed together.
 There is a need for focus on the important subject of competence assurance as a sub-
element of "Resources".
For these reasons the audit assessment elements are defined as follows:
3 Organisation and Responsibilities
4 Resources and Competence Assurance
5 HEMP
6 Planning
7 Standards, Procedures and Document Control
9 Audit
10 Management Review
For clarity purposes the report contents (Appendix 2) will be aligned with the assessment elements.

Glossary of Terms and Abbreviations used

ALARP As Low As Reasonably Practicable
Audit A structured independent examination
BusCom Business Committee (as used in Group wide context)
CEP Currently Estimated Potential
EP Exploration and Production
EP04 Technical Auditing Course
EPBM Exploration and Production Business Model
EPS-HE SBS Directorate Health, Safety and Environment function
EU European Union
HEMP Hazard and Effects Management Process
HSE Health Safety and Environment
HSE-MS Health, Safety and Environment Management System
HUET Helicopter Underwater Escape Training
IA Internal Audit
IAC Internal Audit Committee
IAG Internal Audit Guidelines
IAPM Internal Audit Process Model
JG Job Group
N/RBD New and Regional Business Directorate
OpCo Operating Company as used in a Group wide context
OU Operating Unit as used in EP context (previously OpCo)
POB Persons on Board
SA Shell Aircraft
SBS Strategic and Business Services Directorate
SIEP Shell International Exploration and Production
SMART Specific, Measurable, Achievable, Realistic and Time-based
V2FA Managing HSE in the Business (course)

Glossary of terms and abbreviations used

HSE Manual EP 95-0130 References
References
1 Internal Audit Guidelines (December 1995)
2 Statement of General Business Principles (July 1994)
3 Business Control Guidelines (January 1992)
4 HSE Management System (September 1994)
5 EP Business Model - Version 3 - EP 95-7000 (August 1995)
6 EU Environmental Management and Audit Regulation
7 EP Guideline on Audits and Reviews EP 93-1600 (November 1993)
8 EP Business Governance Guide (July 1996)
9 Audit and Review Services Guide - EP 96-2021 (Final Draft July 1996)
58 Revision

Manual For SIEP-led HSE Auditing

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Manual For SIEP-led HSE Auditing

Uploaded by

Copyright:

Available Formats

Shell International Exploration and Production B.V.

Manual for SIEP-

Revision 0: 1 August 1996

Section Number: EP 95-0130

Rev. Chapter Description of amendment Date Amended

0 All First Issue 1/8/1996 EPS-HE

CONTENTS 12.1 Staffing 33

1 Rationale for Independent HSE-MS Appendices

2 The Internal Audit Process 5 Glossary of Terms and Abbreviations

5 Schedule SIEP-led Audits 13

9 Analyse and Improve Process 27

10 Assess Overall Control Framework 29

EP 95-0130 Revision 0 1 August 1996 i

This page intentionally left blank.

ii EP 95-0130 Revision 0 1 August 1996

EP 95-0130 Revision 0 1 August 1996 3

This page intentionally left blank.

4 EP 95-0130 Revision 0 1 August 1996

1 Rationale for Independent HSE-MS Auditing

1.2 Purpose of HSE Audits

1.3 Objective of SIEP-Led Audits

EP 95-0130 Revision 0 1 August 1996 5

1.4 Business controls and HSE-MS Auditing

The HSE Management System

Policy and Strategic Objectives

Hazard and Effects Management

Audit Corrective Action &

Corrective Action &

6 EP 95-0130 Revision 0 1 August 1996

2 The Internal Audit Process

Initiate Improvements Assess Overall Control

EP 95-0130 Revision 0 1 August 1996 7

This page intentionally left blank.

8 EP 95-0130 Revision 0 1 August 1996

3 Direct the Audit Process

EP 95-0130 Revision 0 1 August 1996 9

This page intentionally left blank.

10 EP 95-0130 Revision 0 1 August 1996

4.1 HSE Audit philosophy and programme

4.2 Frequency of HSE Audits

4.3 Standard HSE Audit packages

EP 95-0130 Revision 0 1 August 1996 11

 Occupational Health audits

Opco Management - Health Occupational

Materials & Transport Activity

Drilling & Well Operations Drilling

12 EP 95-0130 Revision 0 1 August 1996

4.4 Formulation of HSE Audit plans

4.5 Duration of HSE Audits

EP 95-0130 Revision 0 1 August 1996 13

14 EP 95-0130 Revision 0 1 August 1996

5 Schedule SIEP-led Audits

5.1 Terms of reference

EP 95-0130 Revision 0 1 August 1996 15

excluding named up- and down-stream pipelines and adjacent facilities.

Auditee and Co-ordinator

Methodology and structure

16 EP 95-0130 Revision 0 1 August 1996

5.2 Audit team composition

EP 95-0130 Revision 0 1 August 1996 17

18 EP 95-0130 Revision 0 1 August 1996

6.2 Opening presentations and team briefing