CP-122, Chapter 7 - PDO

AuditCHAPTER 7 3/71.4 Background - AuditPDO has established and maintains an HSE audit programme and procedures in line with theGroup, international and regulatory requirements as listed below.PDO BUSINESS POLICIES require- A systematic approach to HSE management shall be applied to achieve continuous improvement in themanagement of the risks to health and safety of employees and contractors and continuous reduction in theimpact of operations on the environment (PL 38 Health Safety and Environmental Protection).- Compliance with the Company’s control frameworks shall be systematically and rigorously assessed byindependent internal and where appropriate, external audits and review (PL 12 Audit and Review).INTERNATIONAL ORGANIZATION FOR STANDARDIZATION (ISO) Standard for Environmental ManagementSystems, ISO 14001, requires organisations to establish and maintain programmes and procedures for periodicenvironmental management system audits to be carried out, in order to:- Determine whether or not the environmental management system conforms to planned arrangements forenvironmental management, including the requirements of the Standard.- Determine that the environmental management system has been properly implemented and maintained.- Provide information on the results of audits, to management.ROYAL DUTCH/SHELL GROUP Group Procedure for an HSE Management System requires that an auditprogramme shall be in place to review and verify effectiveness of the management system. It shall include auditsby auditors independent of the facility or process audited. Audit follow-up shall be timely, thorough and auditable.SHELL INTERNATIONAL EXPLORATION AND PRODUCTION (SIEP) HSE Manual: Health, Safety and EnvironmentalManagement Systems (EP 95-0100) requires Operating Companies to maintain procedures for HSE audits to becarried out, as a normal part of business control, in order to determine:- Whether or not HSE management system elements and activities conform to planned arrangements and areimplemented effectively.- The effective functioning of the HSE Management System in fulfilling the Company’s HSE policy, objectives andperformance criteria.- Compliance with relevant legislative requirements.- Identification of areas for improvement, leading to progressively better HSE management.2.0 AUDIT2.1 The Audit TeamPersonnel on the audit team must be independent of the facility or process audited, and may besourced from within PDO or externally.People conducting HSE audits should be appropriately trained to be able to carry out the taskobjectively, impartially and effectively.Audit team members should be selected so that their skills and knowledge are appropriate to theaudit type and scope. The audit team has should have:● A broad knowledge of HSE matters.● Adequate independence from the activities being audited, to enable objective and impartial judgement.● Operational experience in the area being audited.HSE - MANAGEMENT SYSTEM MANUAL Embedding HSE into our business REV 4.0 CP 122

PART 2ELEMENTS OF THE HSEMANAGEMENT SYSTEM4/7 CHAPTER 7● The necessary expertise and experience in auditing practices and disciplines.● Specialist HSE or other technical expertise or support, if necessary, from a wider range of specialists.● The support and authority from management to procure the necessary information.In order to maintain independence and objectivity, the Audit Team Leader and the majority of theaudit team should not have a direct reporting line to the Principal Auditee. In addition, theminimum competency requirements of the Audit Team Leaders for Level 1 Audits are:● Completion of an EP 04 Technical Auditing course or equivalent.● Participation in one corporate HSE audit as a team member.● Job group 3 level or above, with a CEP of 2 or above.● Deemed to be competent to lead audits by the Corporate HSE Audit Advisor.2.2 Frequency of AuditAll business processes should be periodically audited, with the frequency and depth of HSEauditing being determined based on:● The level of risk for the activity.● How critical the process or activity is, in relation to PDO’s business objectives.● The contribution or potential contribution of the activity concerned to PDO’s overall HSEperformance.● The results of previous audits.All business processes activities and assets should be audited within the audit cycle. The auditcycle should not be longer than five years, as it is likely that major changes may have taken placeduring that time.2.3 Audit ToolsSIEP‘Auditkit’Auditkit contains a set of tools to aid an Audit Team Leader to conduct an audit.It includes sample slide presentations, questionnaires, templates andguidelines that can be customised and supplemented by the Audit Team Leaderto suit the individual audit requirements. Further guidance on conducting auditscan be found in EP 95 0130 Audit.HSEInspectionGuideGU 441 HSE Inspection Guide, contains checklists and tools for use in conductingHSE Inspections (e.g. Joint Management HSE Inspections)The Royal Dutch/Shell Group Risk Assessment Matrix document contains the WeaknessClassification Overlay which standardises the classification of identified weaknesses in termsequivalent to the SIEP Internal Audit Guidelines. This overlay is shown below and can be used toprioritise audit findings.CP 122 REV 4.0 HSE - MANAGEMENT SYSTEM MANUAL Embedding HSE into our business

AuditCHAPTER 7 5/7Weakness Classification OverlayIn prioritising audit findings the risk presented by failing controls can be plotted in this matrix.CONSEQUENCESSeverity People Assets Environment Reputation ANever heardof in E&Pindustry0 No healtheffect/injury1 Slight healtheffect/injury2 Minor healtheffect/injury3 Major healtheffect/injury4 PTD* or 1fatality5 MultiplefatalitiesNo damage No effect No impactSlight injury Slight effect Slight impactMinordamageLocaliseddamageMajordamageExtensivedamageMinor effectLocalisedeffectMajor effectMassiveeffectLimitedimpactConsiderableimpactNationalimpactInternationalimpactINCREASING LIKELIHOODLow RiskBHeard of inE&P industryMedium RiskCIncident hasoccurred inPDOHigh RiskDHappensseveral timesper year inPDOSerious RiskEHappensseveral timesper year in alocationPTD* = Permanent Disability2.4 Procedure for AuditACTIONRESPONSIBILITYDevelop HSE Audit Plan – Corporate HSE Audit (Level 1)Coordinate development and implementation of the Corporate HSE auditprogramme.Identify HSE audit units (i.e. assets, services and functions that have apotential to affect the Company’s HSE objectives).Assess the level of HSE risk of each audit unit.Decide the audit frequency for each audit unit, based on the level of HSErisk involved.Prepare a five-year Level 1 HSE audit programme based on the auditfrequencies decided above. Incorporate SIEP-led audits and ISO 14001certification audits into the programme.Incorporate the Level 1 HSE audit programme into the "Five Year IntegratedAudit Programme".Issue the "Five Year Integrated Audit Programme" annually.Develop HSE Audit Plan – Asset Level HSE Audit (Level2)Develop and implement an audit plan sufficient to provide assuranceregarding implementation of the HSE Management System at the Assetlevel. Include this audit plan in the Asset level HSE Plan.CSMCSMCSMCSMCSMIACFAMAsset ManagerHSE - MANAGEMENT SYSTEM MANUAL Embedding HSE into our business REV 4.0 CP 122

PART 2ELEMENTS OF THE HSEMANAGEMENT SYSTEM6/7 CHAPTER 7Establish Terms of Reference (ToR)Prepare ToR for each Corporate HSE audit (Level 1).Prepare ToR for each Asset-level HSE audit (Level 2).Terms of Reference (ToR) for each HSE audit shall be prepared, and agreementsought from the Principal Auditee. As a minimum the ToR shall specify:- The audit objective(s).- The scope of the audit.- Timing and duration of the audit.- Composition of the audit team.- Name and position of the Principal Auditee(the Principal Auditee for Level 2 audits is the Asset Manager).- The audit methodology.Perform HSE AuditsCoordinate the audit activities and assign tasks to audit team members.As a minimum the points listed below shall be covered during the auditalthough their sequence may vary:- Familiarise the audit team with the facility and/or activities.- Review documentation.- Conduct opening presentation if required.- Conduct interviews.- Visit facilities/activities if required.- Formulate audit findings and recommendations and draft the audit report.- Conduct final presentation.- Finalise audit report (refer to EP 95-0130 Audit, for guidance onconducting audits).Prepare Audit ReportAs a minimum the audit report shall contain:- Terms of Reference.- Audit Findings.- Recommendations (if applicable).- Audit Opinion.Distribute Audit ReportFor Level 1 HSE audits, distribute the audit report to:- The IAC, via CSM.- The Principal Auditee.- The Principal Auditee’s line supervisor.- The audit team members.For Level 2 HSE audits, consult with the Principal Auditee (Asset Manager)to determine the audit report distribution list.Follow Up Level 1 AuditRetain and archive corporate HSE audit reports.Ensure audit recommendations are recorded in PDOTRACK (a computerbased system for tracking audit actions).- Seek and agree action parties and target completion dates for allrecommended actions resulting from HSE audits.- Assign a Follow-up Coordinator.CSMAsset ManagerCSM/Asset ManagerAudit Team LeaderAudit Team LeaderCSMAudit Team LeaderCSMPrincipal AuditeePrincipal AuditeeCP 122 REV 4.0 HSE - MANAGEMENT SYSTEM MANUAL Embedding HSE into our business

AuditCHAPTER 7 7/7- Ensure timely completion of action items.- Report progress and completion of action items to the Follow-upCoordinator.- Maintain status and progress data on audit follow-up actions.- Collate audit follow-up progress reports when requested by the PrincipalAuditee.Audit Follow Up – Asset Level HSE Audits (Level 2)Retain and archive asset-level HSE audit reports.Develop a system for tracking Level 2 audit action items.Ensure audit action items are recorded in the Asset Level tracking system.- Seek and agree actions parties and target completion dates for allrecommended actions resulting from HSE audits.- Assign a Follow-up Coordinator.- Ensure timely completion of action items.- Report progress and completion of action items to the Follow-up Coordinator.- Maintain status and progress data on audit follow up actions.- Collate audit follow up progress reports when requested by the AssetManager.Action PartiesFollow-up CoordinatorAsset ManagerAsset ManagerFollow-up CoordinatorAsset ManagerAction PartiesFollow-up Coordinator3.0 REFERENCE DOCUMENTSReference documents used in the writing of this Chapter, which may be used for more information:PDO Policies Health Safety and Environmental Protection PL 38Audit and Review PL 12PDO Codes of PracticePDO HSE Procedures Contract HSE Management Procedure PR 1171PDO HSE SpecificationsPDO HSE Guidelines HSE Inspection Guide GU 441Other PDO Documents PDOTrack User GuideShell Group Documents Internal Audit Guidelines December 1995Group HSE Management System: Appendix 3 "Group Procedure Shell HSE Advisersfor an HSE Management System" Panel, August 1999Group HSE Management System: Appendix 7 "Group HSE Shell HSE AdvisersAudit Guidelines" Panel, July 1996Audit EP 95-0130HSE Manual: Health, Safety and Environmental Management EP 95-0100 Rev 1,Systems (EP 95-0100) Jan 2001Other Requirements Environmental Management Systems – Specification with ISO 14001:1996Guidance for UseREFERENCE DOCUMENTSHSE - MANAGEMENT SYSTEM MANUAL Embedding HSE into our business REV 4.0 CP 122