Internal Auditing Of Pipeline Integrity Management Programs

Christopher A. Pioli, Group Manager, Jacobs Consultancy Inc.

Progress is impossible without change, and those who cannot change their minds cannot change anything. - George Bernard Shaw

Abstract Arrival of the new pipeline integrity management rule and its process-based requirements call for a fresh look at auditing methods and techniques. Gone are the days of auditing just to assure regulatory compliance, an audit of an operators pipeline integrity management program needs to go beyond verification of program compliance. Does your internal auditing team have the right stuff to conduct a process improvement audit of your pipeline integrity management Program? This paper presents an overview of the auditing process and an auditing technique used to assess and promote pipeline integrity management programs continual improvement.

Introduction Enron, WorldCom, and other scandals of prominent firms have resulted in a great loss of public confidence in corporate financial and accounting auditing practices. In a major effort to rebuild public trust in corporate business practices and reporting and to prevent accounting scandals and other reporting problems from recurring, Congress enacted the Sarbanes-Oxley Act of 20021 on July 30, 2002. A primary objective of Sarbanes-Oxley is to identify and encourage certain behaviors of company executives, boards of directors, and independent auditors that are intended to result in more reliable, timely, and useful information to assist stakeholders in their decision-making process. Bellingham, Carlsbad, and other local transmission and distribution related incidents have resulted in a similar loss of regulatory and public trust in the reliability and safety of our nations pipeline infrastructure. Like Sarbanes-Oxleys impact on company executives, the Pipeline Integrity Management Rule2, promulgated by the Office of Pipeline Safety, promises to have a similar impact on the organization. A primary objective of the pipeline integrity rules is the requirement for operators to develop a comprehensive pipeline integrity management program intended to result in ongoing improvement in safety, reliability, and timely information to assist operators in their decision-making process. Objective and independent audits are as important today as ever. Transmission and distribution companies will need to conduct audits capable of assessing, monitoring, and promoting continual improvement. A continual improvement audit is an independent and objective study of an organizations
1

U.S. Congress, Sarbanes-Oxley Act of 2002, Pub. L. 107-204, 116 Stat. 745 (2002). Pipeline Integrity Management in High Consequence Areas (Gas Transmission Pipelines), 18228 Federal Register Vol. 69, No. 66, Tuesday, April 6, 2004 / Rules and Regulations

system integrity process. Whereas financial and other audits are about checking conformance to a standard or compliance with rules and regulations, the continual improvement audit goes beyond this, identifying strengths and weaknesses, and moving toward progressive performance improvement. Audit Process The origins of auditing go back to ancient timesBabylonia, Greece, the Roman Empire, the City States of Italy, etc. At that time, official announcements of the authorities were communicated by messengers. To ensure that the announcements were communicated correctly, messengers were accompanied by auditors (from the Latin word audire, meaning to hear). They were the authorities eyes and ears. The auditor stood as witnesses to whether the messages were disseminated fully and correctly, and then reported to the authorities on whether the messenger did a good job. Today, audits are the basis for independent internal or third-party assessment of management systems. One definition of an audit is the systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled3. Figure 1 illustrates a general audit process and its associated activities, purposes, methods, and flow.

Figure 1 General Audit Process STEP 1 Gathering Sources of Information

Document Review Interviews

STEP 2 Sampling

STEP 3 Verifying Audit

STEP 4 Evaluating Audit Findings

Graphic Numeric Comparative

STEP 5 Reviewing Audit Conclusions

Presentation Report

Data
Selected Random

Evidence
Observations Interviews Documents

Gathering. This step involves identifying the sources of information (by means of information requests or interviews) pertaining to the subject audit and collecting relevant information, e.g. polices, procedures, standards. Sampling. Given real world constraints of time and money, it is not possible to review and analyze all the available information. Use of statistically valid sampling techniques (e.g., simple random sampling, stratified sampling, cluster sampling, etc.) is a necessary and important step in obtaining data that can be used to develop unbiased, supportable conclusions.

ISO 19011 - Guidelines for Quality and Environmental Management Systems Auditing,

Verifying. Verification is typically accomplished by obtaining the source documentation, conducting additional interviews, or by direct observation. Data and information are validated or corroborated before being evaluated. Verifiable data or information is called audit evidence. Evaluating. In this step, analysis of audit evidence is conducted to: identify any deviations from expected values; put the data and information into proper context; or extrapolate results to gain knowledge. Graphic, numeric, and comparative analytic techniques are used. Comparative techniques include benchmarking and best practices. Reviewing. The audit results, conclusions, and any recommendations are documented in a formal report or presentation. This report is presented to decision makers so they can gain understanding, acceptance, and support of the underlying findings, resulting conclusions, and actionable recommendations. Employing this process or a similar audit process, companies perform various internal audits: financial and accounting audits, process audits, regulatory compliance audits, and other management system audits such as environmental, health, safety (EHS) audits. These audits vary, not only in purpose, but also in their depth of investigation. Audits are typically either characterized as diagnostic, comprehensive, or focused. Diagnostic audits are completed over a relatively short period, looking for systemic issues. The diagnostic audit can lead to focused and comprehensive audits. A comprehensive audit studies a number of specific processes, systems, or functions. Focus audits are more narrowly directed at a specific issue or process. Both the comprehensive and focus audits are more data intensive and time consuming than a diagnostic audit, but yield specific actionable recommendations. As audits and the auditing process have evolved, the auditor has an ever-broadening set of responsibilities and need for additional skills. Some of the responsibilities of an internal or third-party auditor are to provide: Independence and impartiality of the audit, Truthful and accurate reporting, Objectivity in developing audit conclusions and recommendations, Basic fairness and integrity.

Some of the competencies and skills an auditor needs include: Ability to gain the trust of any individual or organization, Experience and education to make sound judgments, Analytical and critical thinking skills, Use of a broad array of audit procedures for selection, collection, evaluation, and documentation of audit evidence, including the use of statistical and non-statistical induction, Critical aptitude to understand any process or system, Application of rational methods for reaching reliable and reproducible audit conclusions in a systematic audit process, Awareness and understanding of cost and materiality implications of risk, opportunity and audit evidence related to the individual, system, and organization, Application of diligence in auditing.

To continue to exist and bring greater value to the organization and its stakeholders, companies are recognizing the expanding role auditing plays in achieving strategy objectives and their need to resource its auditing activities. While some companies have increased their internal auditing staff, other firms are supplementing their internal auditing with outside third-party auditors, and still others are outsourcing a

portion or all of their internal auditing function. objective, and defensible audit.

Outsourcing can help to insure an independent,

Pipeline IM Program Audit As mentioned above, audits provide the basis for independent third-party assessment of management systems. An operators pipeline integrity management program is one such management system. A cornerstone of all pipeline integrity management programs is continual improvement. The idea of continual improvement is not new to gas transmission and distribution operators; however, most struggle to attain a culture of ongoing improvement. Because it is difficult to achieve, companies need to employ techniques such as auditing to monitor and advance continual improvement. The pipeline integrity management program (or any other management system) audit objectives include: Verify compliance with regulatory requirement, Affirm data and information support processes and activities, Assess conformance with company methods (policies, procedures, and practices), Evaluate the effectiveness of meeting the programs specific program objections, Identify areas of potential improvement.

Continual improvement auditing goes beyond compliance auditing. Verifying that there is a policy, process, or procedure for a specific requirement is relatively straightforward. However, to verify continuous improvement, we need to look at the results of the pipeline integrity management programs various processes such as data analysis, corrective action, preventative and mitigative actions, quality assurance and communication processes. No matter how detailed the written program, comprehensive the data analysis, and robust the performance measurements, unless there is a process or system change, there can be no improvement. Simply put, continuous improvement is about change. Continuous improvement auditing scrutinizes a program or system for change and supporting evidence. A technique for examining continual improvement in a pipeline integrity management program is the ACDP model. This is a variation of the PDCA model used in Total Quality Management. Figure 2 depicts the ACDP model. The first step is to analyze process data for adverse trends. Next, the solution, representing a change in the program, must be justified and documented. Then the deployment of the change is validated. Finally, evidence of program and organization benefits represents the payback. The objective here is to verify that there is improvement, not that specified steps (A!C!D!P) were followed or specified records are filled out completely. Three other useful tools often used in conjunction with ACDP are: The Ishikawa (Fishbone) Diagram (see Figure 3) Pareto analysis Benchmarking

Ishikawa Diagrams are useful in categorizing the audit findings in an orderly manner and in identifying areas of improvement. These diagrams are most often used to systematically distinguish the different causes that can be attributed to a problem (or an effect) and aid in identifying the root-cause(s). The Ishikawa Diagram identifies the process or problem used to study causes or findings (both positive and negative), and categories.

Figure 2 ACDP Model

Analyze: Are analytic techniques being used to identify improvement opportunities?

Payback: Has there been a payback to the program in effectiveness and efficiency improvements?

ACDP Model
Change: Are changes to processes, methods, criteria, measures, technology justified and documented? Deploy: Have funds and resources been deployed, enabling the implementation of improvements?

The Pareto Principle states that only a "vital few" factors are responsible for producing most of the problems. Pareto analysis is a method used to identify those findings or causes that, if addressed, should result in significant process improvement. The tool is also useful in assessing if the change(s) implemented addressed the key factors underlying the problem. Figure 3 Ishikawa (Fishbone) Diagram
Methods Technology Materials People Budget

+
Findings or Causes

Pipeline Integrity Management Program

Process or Problem

Policies

Environmen

Suppliers

Skills

Regulations

Benchmarking is another audit tool used to advance continual improvement. Benchmarking is an integral part of a continual improvement audit, but should also be an integral part of the pipeline integrity management program. Change and deployment requires management buy-in. The continual improvement audit therefore must assess managements commitment. One valuable tool used to assess management and non-management perceptions is an organization survey. This type of survey provides valuable insight into the perceived versus actual culture of the organization, utility of peoples abilities/talents, leadership, resourcing, stakeholder focus, preventative practices, and continual improvement. Lastly, this is not change for the sake of change, but rather ongoing, fact-based change to improve the programs, and therefore organizations, effectiveness. Not all changes implemented achieve their expected payback. The continual improvement audit compares the expected and actual impact changes to pipeline integrity management programs.

Summary A pipeline integrity management audit is a systematic and documented process for obtaining audit evidence and evaluating it to determine the extent to which the program criteria are fulfilled. The individuals, whether internal staff or third-party auditors, should be independent, objective and knowledgeable in system integrity issues, auditing techniques, and quality practices. A continual improvement audit goes beyond simply verifying compliance with regulations. The audit scrutinizes pipeline integrity management processes and program results for change. Without change, there can be no improvement. Continual improvement auditing is an important keystone to attaining and sustaining continuous improvement in pipeline integrity management programs.

References Auditing for Continual Improvement: A Process For Adding Value, J.P. Russell, Internal Auditing: History, Evolution, And Prospects, Sridhar Ramamoorti, The Institute of Internal Auditors ISO 19011 - Guidelines for Quality and Environmental Management Systems Auditing