Enbridge Pipelines Incorporated - Facility Integrity Management CV2526-017

Enbridge Pipelines Incorporated - Facility Integrity Management CV2526-017 [PDF 496 KB]

Executive Summary

The Canada Energy Regulator (CER) expects pipelines and associated facilities within the Government of Canada’s jurisdiction to be constructed, operated, and abandoned in a safe and secure manner that protects people, property, and the environment. To this end, the CER conducts a variety of compliance oversight activities, such as audits.

Section 103 of the Canadian Energy Regulator Act (S.C. 2019, c. 28, s. 10) (CER Act) authorizes inspection officers to conduct audits of regulated companies. The purpose of these audits is to assess compliance with the CER Act and its associated Regulations.

The purpose of operational audits is to ensure that regulated companies have established and implemented both a management system and its associated programs, as specified in the Canadian Energy Regulator Onshore Pipeline Regulations (SOR/99-294) (OPR).

The CER conducted a Facility Integrity Management (Facility IM) operational audit of Enbridge Pipelines Incorporated (Enbridge or the company) between 1 April 2025 and 30 July 2025.

The objective of the Facility IM audit was to assess whether the company’s integrity management program (IMP) as applied to facilities is adequate to avoid and control events which could potentially cause harm to people, property or the environment. The company’s IMP as applied to facilities was assessed in accordance with selected requirements of the OPR in the areas of:

  • Hazard identification, risk assessment and control;
  • Operational control in normal and upset conditions;
  • Organization, competency, and training;
  • Inspection and monitoring and taking corrective and preventative actions; and
  • Integration with the company’s management system.

Of the six regulatory requirements that were evaluated, four were deemed to have no issues identified, and two were deemed to be non-compliant. The non-compliances were related to:

  • Hazard Identification: Enbridge’s process for hazard identification was considered to be insufficient because the process does not describe, in an established order, the series of interrelated actions necessary to identify and analyze all hazards and potential hazards. In addition, Enbridge did not demonstrate that it has adequately identified and analyzed all applicable facility integrity hazards. For example, the CER audit team found that manufacturing defects, weather and outside forces, and mechanical damage were not listed in the integrity hazard inventory; and
  • Risk Assessment: Enbridge’s process for risk assessment was also found to be insufficient. The process requires further development to describe the full process flow, how it integrates with other management system components, and addresses all regulatory expectations. In addition, Enbridge has initiated, but not yet completed, two facility risk assessments.

Within 30 calendar days of receiving the Final Audit Report, the company shall file with the CER a Corrective and Preventive Action (CAPA) Plan that outlines how the non-compliant findings will be resolved. The CER will monitor and assess the implementation of this CAPA Plan to confirm that it is completed in a timely manner.

Note that all findings are specific to the information assessed at the time of the audit as related to the audit scope.

While non-compliant findings exist, the CER is of the view that the company can still construct, operate, and abandon pipelines in a manner that will preserve the safety of persons, the environment, and property.

The Final Audit Report will be made public on the CER website.

Top of Page

Table of Contents

Top of Page

List of Tables and Figures

1.0 Background

1.1 Introduction

The CER expects pipelines and associated facilities within the Government of Canada’s jurisdiction to be constructed, operated, and abandoned in a safe and secure manner that protects people, property, and the environment.

Section 103 of the CER Act authorizes inspection officers to conduct audits of regulated companies. The purpose of these audits is to assess compliance with the CER Act and its associated Regulations.

The purpose of operational audits is to ensure that regulated companies have established and implemented both a management system and its associated programs, as specified in the OPR.

The CER conducted a Facility IM operational audit of Enbridge between 1 April 2025 and 30 July 2025.

1.2 Description of Audit Topic

The OPR requires that companies have an IMP for its pipelines and associated facilities. The objective of Facility IM is to provide operating companies with a formalized mechanism to maintain the integrity of the managed assets that demonstrates a commitment to protect the health and safety of employees, the public, and the environment. Integrity management for a facility aims to ensure safe operation by preventing failures that could result in the release of product.

Facility IM encompasses a wide range of equipment like pumps, prime movers, tanks, pressure vessels, piping systems, electrical components and instrumentation within the boundaries of the facility. Risk assessment is a crucial aspect of integrity management and for a facility one must consider complex interactions between different equipment and the various components within that equipment and potential cascading failures.

The CER’s expectations for this audit are explained in Appendix 1.0.

1.3 Company Overview

Enbridge Pipelines Inc and its affiliates operate one of North America’s longest and most complex crude oil and liquids transportation systems, with approximately 29,104 kilometers (km) of active pipeline across North America including 13,624 km of active pipeline in Canada.

The map below displays the company’s CER-regulated assets, consisting of the Enbridge Mainline system as well as connected pipelines, refineries, and terminals. Enbridge owns and operates the Enbridge Mainline, which includes the Canadian mainline and the Lakehead System (United States (U.S.)) mainline. The mainline transports crude oil, refined petroleum products, and natural gas liquids (NGL). Each pipeline that makes up the mainline has a different capacity with pipeline diameters ranging from 16 inches to 48 inches. Commodities transported along the mainline are shipped in batches to minimize contamination and only certain lines can transport certain products. The Canadian mainline is the longest oil pipeline in Canada and the largest of four major crude oil export pipelines from western Canada. It is made up of eight pipelines and a number of terminals and pump stations.

Figure 1. Map of Company’s Regulated Assets

Figure 1. Map of Company’s Regulated Assets

The starting point for the mainline is the Edmonton terminal, which delivers over 2.2 million barrels of crude oil and liquids daily. Enbridge has five CER-regulated lines leaving the terminal (Lines 1, 2, 3, 4 and 67) and Line 13 bringing condensate to the terminal. Only crude oil is stored at the terminal. Refined products and NGLs are only transported on Line 1.

Further to the east, the Hardisty terminal is an important crude oil storage hub. Enbridge has six CER-regulated lines leaving the terminal (Lines 1, 2, 3, 4, 67 and 93). Only crude oil is stored at the Hardisty terminal.

The Enbridge Liquid Pipeline (LP) transports western Canadian crude to refineries in Ontario and Quebec and the U.S. Midwest. It also connects to other pipelines including the CER-regulated Keystone Pipeline, Express Pipeline, and Wascana Pipeline. These pipelines provide access to the U.S. Rockies and the U.S. Gulf Coast markets.

2.0 Objective and Scope

The objective of the Facility IM audit was to assess whether the company’s IMP as applied to facilities is adequate to avoid and control events which could potentially cause harm to people, property or the environment. The company’s IMP as applied to facilities was assessed in accordance with selected requirements of the OPR in the areas of:

  • Hazard identification, risk assessment and control;
  • Operational control in normal and upset conditions;
  • Organization, competency, and training;
  • Inspection and monitoring and taking corrective and preventative actions; and
  • Integration with the company’s management system.

The table below outlines the audit topic, the lifecycle phases, and programs selected for this audit.

The scope of the audit includes the IMP in use at the time of the audit as well as the processes, procedures, and work instructions that the company has in place to enable it to implement integrity management at all its facilities throughout all lifecycles in accordance with the requirements of the OPR.

Note that while the focus was on the requirements and items listed in Table 2, if the audit had identified potential non-compliances to other requirements, the scope may have been expanded.

Table 1. Audit Scope

Table 1. Audit Scope

Audit Scope

Details

Audit Topic

Facility Integrity Management

Lifecycle Phases

 x 
Construction

 x 
Operations

 x 
Abandonment

Section 55 Programs

    
Emergency Management

 x 
Integrity Management

    
Safety Management

    
Security Management

    
Environmental Protection

    
Damage Prevention

Time Frame

Open

3.0 Methodology

The auditors assessed compliance through:

  • document reviews;
  • record sampling;
  • interviews; and
  • inspections.

For this audit, the audit team consisted of two auditors from the CER’s Audit, Enforcement and Investigation Team and three engineers from the CER’s Pipeline Integrity Team.

An audit notification letter was sent to the company on 1 April 2025 advising the company of the CER’s intentions to conduct an operational regulatory audit. The lead auditor provided the audit protocol and initial information request to the company on 9 April 2025 and followed up on 11 April 2025 with a meeting with Enbridge staff to discuss the plans and schedule for the audit. Enbridge provided its responses to the initial information request on 13 May 2025. The CER audit team’s review of the documents and records provided by Enbridge began on 14 May 2025 and interviews were conducted during the period 2 June 2025 to 25 June 2025.

The purpose of the document review was to assess if Enbridge has established the necessary processes and procedures to meet the expected outcomes listed in the audit protocols. The auditors reviewed over 60 documents. When reviewing processes, it is expected that companies meet the CER’s expectations for an established process. To be compliant, a process must:

  • Describe the purpose, scope, objective, and specific results that the process is intended to achieve;
  • Describe the series of interacting actions or steps that take place in an established order;
  • Define the roles, responsibilities, and authorities of staff to ensure the process is appropriately applied;
  • Reference other relevant processes, procedures, and work instructions (where required);
  • Describe how it is integrated with each section 55 program; and
  • Incorporate or contain linkage to procedures, where required to meet the process requirements.

Once a process has been established, the next essential requirement is to ensure that it is fully and properly implemented. The CER assesses this through interviews, record reviews and inspections. The first set of interviews was conducted primarily with management and senior staff to discuss each of the audit protocols. Additional interviews were carried out with field staff. The auditors conducted 11 interviews in total and sampled approximately 140 records. The list of documents reviewed, records sampled, and the list of interviewees are retained on file with the CER.

It had been previously decided to have the audit coincide with an inspection of Enbridge’s facilities carried out by two members of the audit team from the Pipeline Integrity Team and the lead auditor for the Facility IM audit. The inspection was carried out during the period 16 – 20 June 2025 at the Edmonton terminal, the Hardisty terminal, and the Kingman and Strome pump stations. At the facilities, the CER inspected various aspects of Enbridge’s tanks, pipelines, pumps, sumps, manifolds, and containment facilities as they related to the audit. The inspection also included a review of records and additional interviews with facility technicians. Full details and results of the facility inspection are found in the inspection officer’s report for Compliance Verification Activity (CVA) 2526-057 retained by the CER.

In accordance with the established CER audit process, the lead auditor shared a summary of the audit results with Enbridge staff at a pre-closeout meeting on 16 July 2025. The purpose of the meeting was to advise the company where gaps in information and/or compliance exist, which could potentially result in findings of non-compliance. Enbridge was then given five business days to provide any additional documents or records to help resolve any gaps in information. After the pre-closeout meeting, Enbridge provided additional information to assist the audit team in making its final assessment. The lead auditor conducted a final closeout meeting with the company on 30 July 2025.

4.0 Summary of Findings

The lead auditor has assigned a finding to each audit protocol. A finding can be either:

  • No Issues Identified – No non-compliances were identified during the audit, based on the information provided by the company, and reviewed by the auditor within the context of the audit scope; or
  • Non-compliant – The company has not demonstrated that it has met the legal requirements. A CAPA Plan shall be developed and implemented to resolve the deficiency.

All findings are specific to the information assessed at the time of the audit, as related to the audit scope.

The table below summarizes the findings. See Appendix 1: Audit Assessment for more information.

Table 2. Summary of Findings

Audit Protocol (AP) Number Regulation Regulatory Reference Topic Finding Status Finding Summary

AP-01

OPR

6.5(1)(i)

Management of Change

No Issues Identified

Enbridge met the expected outcomes for this regulatory requirement. All changes are being managed, including those at the facility level. No issues were identified.

AP-02

OPR

6.5(1)(c)

Hazard Identification

Non-compliant

It was found that the company has not sufficiently established a documented process for the identification and analysis of all hazards and potential hazards that meets the requirements of paragraph 6.5(1)(c) of the OPR. In addition, Enbridge has not demonstrated that it has adequately identified and analyzed all applicable facility integrity hazards.

AP-03

OPR

6.5(1)(e)

Risk Assessment

Non-compliant

Enbridge’s risk assessment documents require further development to describe the full process flow, how they integrate with other management system components, and address all regulatory expectations, particularly concerning change management, control implementation, contingency planning, and incorporation of operating conditions. Furthermore, two facility risk assessments have been initiated but were not completed at the time of the audit.

AP-04

OPR

6.5(1)(f)

Controls

No Issues Identified

Enbridge demonstrated that it met the requirements of paragraph 6.5(1)(f) of the OPR by documenting an integrated and robust process to develop controls using industry-aligned strategies and a structured hierarchy of mitigation options. It then assigned ownership to implement the controls, implemented them, and tracked them through to completion while ensuring that the controls were communicated to all affected personnel and stakeholders.

AP-05

OPR

6.5(1)(r)

Hazard & Incident Reporting and Response

No Issues Identified

Enbridge demonstrated that it is fulfilling the expected outcomes for this regulatory requirement. No issues were identified.

AP-06

OPR

6.5(1)(u)

Inspection and Monitoring

No Issues Identified

Enbridge demonstrated that it is fulfilling the expected outcomes for this regulatory requirement. No issues were identified.

5.0 Discussion

When compared to the objectives and scope of the audit, the CER audit team found that facility integrity management is incorporated into the company’s IMP and that it is integrated into the company’s operational management system. Enbridge was found to have processes for hazard identification, risk assessments and controls, although two of the processes did not adequately meet the CER’s requirements for a process, as explained below.

Enbridge’s controls take into consideration upset conditions and the requirement for contingency plans. The company demonstrated that it has processes for hazard and incident reporting and that they have been fully implemented. Likewise, Enbridge demonstrated that it has a robust inspection and monitoring program for its facilities. All of Enbridge’s staff that the audit team talked to during the inspection and audit were well aware of their responsibilities and accountabilities and were well versed in their jobs, so it was evident that competency and training requirements are being met.

There were gaps identified when assessed against the CER’s requirements for a process as defined in the document titled, Audit Terminology and Definitions provided to Enbridge at the start of the audit. Specifically, the processes did not:

  • Adequately describe a series of interacting actions or steps that are to take place in an established order;
  • Reference other relevant processes, procedures, and work instructions (where required);
  • Describe how they are integrated with other section 55 programs; and
  • Incorporate or contain linkage to procedures, where required to meet the process requirements.

In addition, it was found that not all facility integrity hazards and risks had been identified and analyzed, and two facility risk assessments for the Hardisty Terminal and Strome pump station had been initiated but were not completed at the time of the audit.

In summary, the CER audit team found two non-compliances related to:

  • Hazard identification: Enbridge’s process for hazard identification was considered to be insufficient because the process does not describe, in an established order, the series of interrelated actions necessary to identify and analyze all hazards and potential hazards. In addition, Enbridge did not demonstrate that it has adequately identified and analyzed all applicable facility integrity hazards. For example, the CER audit team found that manufacturing defects, weather and outside forces, and mechanical damage were not listed in the integrity hazard inventory; and
  • Risk assessment: Enbridge’s process for risk assessment was also found to be insufficient. The process requires further development to describe the full process flow, how it integrates with other management system components, and addresses all regulatory expectations. In addition, Enbridge has initiated but not yet completed two facility risk assessments.

6.0 Conclusion

The company has an operational management system applied to its Facility IM. Out of a total of six regulatory requirements that were evaluated, four were classified as No issues identified, and two were found to be Non-compliant. Detailed assessments can be found in Appendix 1.

Top of Page

7.0 Next Steps

The company is required to resolve all non-compliant findings through the implementation of a CAPA Plan. The process is as follows:

  • Within 30 calendar days of receiving the Final Audit Report, the company shall file with the CER, a CAPA Plan for review and approval outlining how the non-compliant findings will be resolved.
  • The CER will monitor and assess the implementation of the CAPA Plan to confirm that it is completed:
    • on a timely basis; and
    • in a safe and secure manner that protects people, property, and the environment.
  • Once the CAPA Plan has been fully implemented, the CER will issue an audit closeout letter.
Top of Page

Appendix 1: Audit Assessment

AP-01 - Hazard Identification
AP-01 - Documented Policies

Finding Status

No issues identified

Regulation

OPR

Regulatory Reference

Paragraph 6.5(1)(i)

Regulatory Requirement

A company shall, as part of its management system and the programs referred to in section 55,

(i) establish and implement a process for identifying and managing any change that could affect safety, security or the protection of the environment, including any new hazard or risk, any change in a design, specification, standard or procedure and any change in the company’s organizational structure or the legal requirements applicable to the company.

Expected Outcome

It is expected that the company can demonstrate that:

  • The company has a compliant process for identifying and managing change;
  • Methods are defined to identify and manage change;
  • Changes include any change that could affect safety, security or the protection of the environment, including any new hazard or risk, any change in a design, specification, standard or procedure and any change in the company’s ownership or organizational structure or the legal requirements applicable to the company; and
  • Impacts to the company management system and Facility IM are identified and assessed.

Relevant Information Provided by the Company

The list of documents and records reviewed by the CER related to this assessment is kept on file by the CER.

The interviews conducted related to this item are listed below. The full list of interviews and interviewees is kept on file with the CER:

  • Manager, Management of Change
  • Supervisor, Process Performance
  • Director, Integrity, Risk, and Governance
  • Manager, Integrity Governance
  • Senior Engineer, Integrity Governance
  • Supervisor, Integrity Governance

Finding Summary

Enbridge met the expected outcomes for this regulatory requirement. All changes are being managed, including those at the facility level. No issues were identified.
Detailed Assessment

Section 2.2 of Enbridge LP’s IMS deals with the management system elements and associated processes which are to be applied to the management system programs including the IMP. The Management of Change is one of the elements that make up the IMS, which has a corresponding corporate process to manage changes.

Within the IMP Manual, Section 7.0 dictates that the corporate process is to be followed to manage all changes applicable to the IMP, including changes at the facility level.

The process provides governance over all MOC processes, outlining requirements, and roles and responsibilities. It has a number of subprocesses, which include changes to the following, including the risks associated with any change:

  • Documents
  • The Legal List
  • Assets and General Changes
  • Capabilities

The subprocess to manage documents is to be used to manage changes to corporate level documents which are listed on Enbridge’s Governance Document List (GDL).

Changes to facility level documentation such as Operations and Maintenance Manuals (OMM) and procedures are managed by the company’s standard for document management and control. This standard comes under the umbrella of the documentation for field operations and maintenance on the GDL. It, and associated documents, are used to ensure consistent document control of Operations and Maintenance Manuals. There are related standards for:

  • Deviation and Non-Compliance;
  • Creation, Revision and Obsoletion; and
  • Site-Specific Procedures.

Enbridge uses its process for managing changes to regulatory requirements to keep track of any changes in legal requirements that affect the operation and maintenance of its assets.

Any changes to equipment and controls are to be handled through its process for managing assets and general changes. Enbridge provided the CER with a copy of an asset MOC initiated on 1 December 2023 at KB Terminal as evidence that it manages changes to its equipment.

Page 7 of LP’s corporate process for the management of change indicates that all LP employees are to have an awareness of the MOC process and be able to recognize when a MOC is needed for changes within their area of work. An Appendix outlines the competency and training requirements. During interviews and field inspections, field level technicians verified that they had received training, are aware of the MOC Process, and know how to initiate one.

During the audit, Enbridge was in the middle of a MOC intended to change the manner in which it manages changes to its organization. Enbridge advised the CER that the process that it uses to manage organizational changes had been made obsolete and the procedures within the process were being integrated into other processes. Enbridge provided the audit team with a copy of the MOC which explained how organizational changes are being managed in the interim by its Human Resources Team.

In summary, Enbridge met the expected outcomes for this regulatory requirement. All changes are being managed, including those at the facility level. No issues were identified.

AP-02 Hazard Identification
AP-02 Hazard Identification

Finding Status

Non-compliant

Regulation

OPR

Regulatory Reference

Paragraph 6.5(1)(c)

Regulatory Requirement

A company shall, as part of its management system and the programs referred to in section 55,
(c) establish and implement a process for identifying and analyzing all hazards and potential hazards.

Expected Outcome

It is expected that the company can demonstrate that:

  • The company has a compliant process that is established and implemented;
  • The methods for identification of hazards and potential hazards are appropriate for the nature, scope, scale, and complexity of the company’s operations, activities and the Facility IM;
  • The identification of hazards and potential hazards must include the full lifecycle of the pipeline;
  • The company has comprehensively identified and analyzed all relevant hazards and potential hazards;
  • The hazards and potential hazards have been identified for the company’s scope of operations through the lifecycle of the pipelines; and
  • The identified hazards and potential hazards have been analyzed for the type and severity of their consequences.

Relevant Information Provided by the Company

The list of documents and records reviewed by the CER related to this assessment is kept on file by the CER.

The interviews conducted related to this item are listed below. The full list of interviews and interviewees is kept on file with the CER:

  • Supervisor, Risk Management
  • Supervisor, Asset Risk
  • Senior Engineer, Integrity Governance
  • Supervisor, Integrity Governance

Finding Summary

While Enbridge demonstrated that it has met many of the expected outcomes for this regulatory requirement, it did not meet all of them. The CER found that the company has not sufficiently established a documented process for the identification and analysis of all hazards and potential hazards that meets the requirements of paragraph 6.5(1)(c) of the OPR. Specifically, the governing document does not contain sufficient procedural detail to meet the CER’s definition of a process. It does not describe, in an established order, the series of interrelated actions necessary to identify and analyze all hazards and potential hazards. As such, the company has not demonstrated that it has an adequately documented and implemented process to ensure hazards are consistently identified across its operations. In addition, Enbridge has not demonstrated that it has adequately identified and analyzed all applicable facility integrity hazards. For example, manufacturing defects, weather and outside forces, and mechanical damage were not listed in the integrity hazard inventory.
Detailed Assessment

Risk Management is one of the Enbridge LP IMS elements. Its associated corporate process for managing hazards and risks outlines the principles and responsibilities for the LP Risk Management Department, the Executive Management Team, the IMS Program owners, and the Workforce.

IMS Program owners, which includes the IMP, are to (amongst other things):

  • Identify and manage the hazards and risks within their area of accountability and responsibility.
  • Perform all aspects of hazard and risk management within their area of accountability and responsibility.
  • Ensure their team is appropriately trained.
  • Ensure that the hazard and risk management process is incorporated into their processes with a high degree of attention and quality.
  • Engage with the Enbridge LP Risk Management Department for any risks considered to be high or very high.
  • Execute, monitor and report on Hazard and Risk Treatment Plans.
  • Report annually to senior management.

LP’s corporate process for manging hazards and risks covers the requirement for program owners to communicate and consult with internal and external stakeholders during all stages of risk management, including communicating the hazards and the risk controls to anyone exposed to the risks. However, as will be explained below, the CER audit team identified issues of concern with this process.

Within the IMP, on Page 21 it directs that the LP Risk Management function is to follow the corporate process for managing hazards and risks.

According to Enbridge’s organizational chart, Facility IM is fully integrated within the IMP. The management of facility integrity comes under the umbrella of the VP of Pipeline Integrity. There are three directorates under the VP of Pipeline Integrity, which include:

  • Integrity Risk Management
  • Integrity Planning
  • Integrity Execution

Integrity Risk Management is responsible for analyzing the risks and determining the potential for failure and associated consequences. Where threats are identified that can be dealt with through preventive or corrective action, they are passed to the planning group. The Integrity Planning group develops a plan to deal with the threat and then passes it to the execution team. The Integrity Execution group then carries out the work. In the case of an imminent threat, it is dealt with immediately.

Page 6 of the corporate process for managing hazards and risks indicates that hazard identification is supported by the process for identifying hazards, which is one of the process documents listed in Enbridge’s GDL. Within the process it directs that all Enbridge LP functions and workforce performing any activity that has the potential to affect the achievement of objectives are to follow the process.

A hazard is defined as a condition potentially causing harm to a pipeline; the operator’s personnel and contractors; or the organizational culture.

It was noted by the CER audit team that although Enbridge has a Standard associated with this process, it is not mentioned or referenced in the corporate process for managing hazards and risks. According to this standard, the company is to use several techniques to identify hazards which are captured in its tools and methodologies for assessing risks document available on the GDL. Enbridge carries out three types of hazard assessments: Job Hazard Assessments (JHA); Field Level Hazard Assessment (FLHA); and Facility Hazard Assessments (FHA). The document also discusses the requirement for project and contractor hazard assessments.

The JHA outlines controls for hazards associated with specific jobs or tasks. A FLHA is carried out daily by all workers at a job site just before work commences. In addition to the hazards and controls identified in a JHA, the FLHA identifies unforeseen, newly developed or changing hazards at the immediate work site.

For FHAs, every facility owned and/or operated by Enbridge is to be assessed for hazards inherent to the facility and its operations. The assessment includes taking into account the nature of the hazard and the controls in place to address the hazard. It is to be reviewed and updated every two years. There is also a process for managing hazards for projects and contracted work.

During interviews, Enbridge verified that its established hazard identification processes have been implemented. It provided the CER with records of:

  • FLHA
  • Site-specific orientation for employees
  • Site-specific orientation for contractors
  • Evidence of hazards and controls being communicated to contractors
  • FHA for Edmonton Terminal
  • FHA for Kingman Station
  • Note: FHAs for Strome and Hardisty are planned for the coming year
  • Training records for Risk Identification and Risk Management
  • A Major Accidents Hazards Analysis for a Terminal
  • Process Hazard Analysis for an MOC

For training, Enbridge indicated that it expects all employees to be able to identify hazards. Enbridge maintains a library of training modules concerning all aspects of the process, which are available to all Enbridge employees through the Enterprise Learning Management System (LMS). The company identifies which training is applicable to the various positions within the IMP and communicates this to employees. Enbridge provided the CER auditors with training records as evidence that training is provided and is being completed.

According to the document, each protection program is accountable to ensure that all hazards and risks that could impact the programs objectives are to be documented within its register of hazards and risks. Enbridge provided the CER with a list of some of the facility hazards and risks from the register, but not all that one would associate with large facilities like a terminal or a pumping station.

Enbridge also has a process of identifying hazards associated with its management of change process. Any time a MOC is initiated, the hazards and risks associated with the change must be evaluated and considered when deciding whether to proceed with the change or not.

Enbridge provided the CER with its process for analyzing process hazards which the company uses to identify hazards associated with scope changes or new construction. Enbridge employs a process to identify and analyze hazards that could arise from a major accident at its facilities. For both processes, Enbridge provided the CER with records showing that the processes have been implemented.

An additional issue of concern that the CER audit team had with the corporate process for managing hazards and risks is that, while this document outlines risk management principles, governance roles, and general expectations aligned with ISO 31000, it does not meet the CER’s definition of a process. Specifically, it does not describe, in an established order, the series of interrelated actions necessary to identify and analyze all hazards and potential hazards.

The document appears to function primarily as a high-level framework and does not contain sufficient procedural detail to guide a user through the hazard identification and analysis steps. It lacks:

  • Clear descriptions of the required actions and task sequences;
  • Identification of decision points and required forms or tools; and
  • Linkage or reference to required sub-processes or procedures.

Additionally, the integration with section 55 programs lacks details. The document indicates that each IMS Program must follow the process, but doesn’t explain:

  • How they ensure integration with all section 55 programs (e.g., Environmental Protection, Emergency Management); and
  • How oversight is maintained across programs.

Another area of concern for the CER concerned the identification and analysis of all potential hazards. The CER audit team identified gaps in the list of integrity hazards. Manufacturing defects, weather and outside forces, and mechanical damage were not listed in the integrity hazard inventory. Enbridge has therefore not demonstrated that it has identified and analyzed these potential hazards, and consequently that the risks associated with those were assessed and that adequate controls are in place.

In summary, the CER found that the company has not sufficiently established a documented process for the identification and analysis of all hazards and potential hazards that meets the requirements of paragraph 6.5(1)(c) of the OPR. Specifically, the governing document does not contain sufficient procedural detail to meet the CER’s definition of a process. As such, the company has not demonstrated that it has an adequately documented and implemented process to ensure hazards are consistently identified across its operations. In addition, Enbridge has not demonstrated that it has adequately identified and analyzed all applicable facility integrity hazards.

AP-03 Risk Assessment
AP-03 Risk Assessment

Finding Status

Non-compliant

Regulation

OPR

Regulatory Reference

Paragraph 6.5(1)(e)

Regulatory Requirement

A company shall, as part of its management system and the programs referred to in section 55,
(e) establish and implement a process for evaluating the risks associated with the identified hazards and potential hazards, including the risks related to normal and abnormal operating conditions.

Expected Outcome

It is expected that the company can demonstrate that:

  • The company has a compliant process for evaluating and managing risks that is established and implemented;
  • The method(s) for risk evaluation confirm that the risks associated with the identified hazards (related to normal and abnormal operating conditions) are based on referenced regulatory standards and are appropriate for the nature, scope, scale, and complexity of the company’s operations, activities, and are connected to the purposes and intended outcomes of the Facility IM;
  • Risks are evaluated for all hazards and potential hazards and include normal and abnormal conditions;
  • Risk levels are monitored on a periodic basis and as needed and re-evaluated for changing circumstances;
  • Risks are managed using defined methods appropriate to the OPR section 55 programs; and
  • Risk tolerance/acceptance criteria is determined for all hazards and potential hazards.

Relevant Information Provided by the Company

The list of documents and records reviewed by the CER related to this assessment is kept on file by the CER.

The interviews conducted related to this item are listed below. The full list of interviews and interviewees is kept on file with the CER:

  • Supervisor, Risk Management
  • Supervisor, Risk Evaluation
  • Supervisor, Asset Risk
  • Senior Engineer, Integrity Governance
  • Supervisor, Integrity Governance

Finding Summary

While Enbridge’s risk assessment documents address aspects such as purpose, roles, risk tolerance, and some management steps, they require further development to describe the full process flow, how they integrate with other management system components, and address all regulatory expectations, particularly concerning change management, control implementation, contingency planning, and incorporation of operating conditions. Furthermore, two facility risk assessments were initiated, but not yet complete, at the time of the audit.
Detailed Assessment

In its response to the CER’s initial information request, Enbridge advised the CER that risk evaluation is completed using a documented corporate process to manage risk, including operational risk. The process uses standardized risk criteria to determine the level of risk and ensure that the appropriate Risk Authority is notified of the risk.

Enbridge provided the CER with its documents for evaluating risks as well as its criteria for operational risk. Together, the two documents provide a good foundation for the risk evaluation process within the IMP addressing several key requirements. They define the purpose, scope, and objectives of the process, focusing on risk classification and regulatory compliance. Roles and responsibilities are documented with authorities assigned for risk assessment, acceptance, and escalation decisions. Additionally, risk tolerance levels and acceptance criteria are established, offering a framework for determining how risks are managed.

While the documents outline some actions and decision points, they fall short of presenting a comprehensive, step-by-step sequence of interacting activities that guide users through the entire risk evaluation and management process. This lack of clarity impedes understanding of the complete workflow from risk identification through treatment and closure.

The integration of this process within the broader IMP is not fully demonstrated. The documents do not adequately describe how risk evaluation results link to other critical program elements, such as the development and implementation of controls, change management, and contingency planning. Without these connections, the process risks operating in isolation, reducing its effectiveness and alignment with regulatory expectations.

In addition, the consideration of operating conditions is incomplete. There is no clear description of how normal and abnormal operating conditions are factored into risk evaluations, which is essential for accurate risk characterization. Similarly, ongoing risk management practices such as monitoring the effectiveness of mitigation actions are not detailed, leaving potential gaps in sustaining risk controls.

There are limited references to related processes, procedures, and work instructions, which diminishes clarity around process integration and user guidance. The documents do include some regulatory references but lack explicit cross-references to internal documentation, which would support consistent application and continuous improvement.

Additionally, while Enbridge demonstrated that it has conducted risk assessments for the Edmonton Terminal and the Kingman Station, they were underway but not yet completed for the Hardisty Terminal and the Strome Station.

In summary, while Enbridge’s risk assessment documents address aspects such as purpose, roles, risk tolerance, and some management steps, they require further development to describe the full process flow, how it integrates with other management system components, and addresses all regulatory expectations, particularly concerning change management, control implementation, contingency planning, and incorporation of operating conditions.

AP-04 Controls
AP-04 Controls

Finding Status

No issues identified

Regulation

OPR

Regulatory Reference

Paragraph 6.5(1)(f)

Regulatory Requirement

A company shall, as part of its management system and the programs referred to in section 55,
(f) establish and implement a process for developing and implementing controls to prevent, manage and mitigate the identified hazards, potential hazards and the risks and for communicating those controls to anyone who is exposed to the risks.

Expected Outcome

It is expected that the company can demonstrate:

  • The company has a compliant process for developing and implementing controls;
  • The method(s) for developing controls are appropriate for the nature, scope, scale, and complexity of the company’s operations and activities and the Facility IM;
  • Controls are developed and implemented;
  • Controls are adequate to prevent, manage and mitigate the identified hazards and risks;
  • Controls are monitored on a periodic basis and as needed and re-evaluated for changing circumstances; and
  • Controls are communicated to those exposed to the risks.

Relevant Information Provided by the Company

The list of documents and records reviewed by the CER related to this assessment is kept on file by the CER.

The interviews conducted related to this item are listed below. The full list of interviews and interviewees is kept on file with the CER:

  • Supervisor, Risk Management
  • Supervisor, Risk Evaluation
  • Senior Engineer, Integrity Governance
  • Supervisor, Integrity Governance

Finding Summary

Enbridge demonstrated that it met the requirements of paragraph 6.5(1)(f) of the OPR by documenting an integrated and robust process to develop controls using industry-aligned strategies and a structured hierarchy of mitigation options. It then assigned ownership to implement the controls, implemented them, and tracked them through to completion while ensuring that the controls were communicated to all affected personnel and stakeholders.
Detailed Assessment

Enbridge’s IMP document directs that operational controls are to be established to manage the identified hazards and risks, and the controls are to be approved by the owners and communicated to the workforce that needs to be made aware.

The IMP identifies the hazards and risks to integrity management such as:

  • Metal loss due to external and internal corrosion;
  • Stress corrosion cracking and fatigue;
  • Deformation due to bending, denting and geohazards; and
  • Mechanical equipment incorrect operation.

It then breaks down the controls for those hazards and risks into preventive controls, monitoring controls and damage mitigation controls.

The preventive controls include things such as protective coatings, cathodic protection, product quality control and pressure cycle management.

The monitoring controls include in-line inspection tools, hydro testing, non-destructive testing, on-line sensors, surveys and equipment checks.

The damage mitigation controls include:

  • Pressure reduction;
  • Pipe/equipment repair;
  • Replacement;
  • Preventive maintenance; and
  • Geotechnical remediation.

The pipeline and all the equipment at the facilities are monitored and controlled by a control centre and includes a leak detection system. If a leak is detected, the control centre operator is required to shut down the affected pipeline and associated equipment. This is all done remotely. In addition, each station has an Emergency Shutdown system that will automatically shut down the stations if certain conditions are detected.

Although the equipment is monitored and operated remotely, the technicians at the facility level carry out equipment checks on a regular basis. Maximo is used to issue weekly work instructions to the technicians regarding the equipment monitoring and inspections that are to be carried out.

In its response to the CER’s initial information request, Enbridge stated that its process for developing and implementing controls to prevent, manage, and mitigate the identified hazards, potential hazards and risks is documented in its LP process for risk treatment. This process provides direction and guidance regarding the selection, implementation, and reporting on risk treatment decisions. The process for communicating risk treatment decisions (controls) to those who are exposed to the risk is documented within the corporate process for managing hazards and risks.

Enbridge’s corporate process for managing hazards and risks and its LP process for risk treatment combine to form a framework that aligns with the requirements set out under paragraph 6.5(1)(f) of the OPR. Both documents clearly define and operationalize the hazard and risk management lifecycle, incorporating globally recognized standards such as ISO 31000 and related industry practices from American Petroleum Institute (API) 1173, Canadian Standards Association (CSA) Z662, and American Society of Mechanical Engineers (ASME) B31.8S. The processes are embedded in Enbridge’s IMS, ensuring their use across business areas and decision-making levels.

These processes contain linkages between hazard identification, risk evaluation, and risk treatment with the development and implementation of controls. The process for the treatment of risk explicitly provides a structured approach to selecting control measures:

  • Purpose & Scope: Clearly states that risk treatment includes selecting one or more options to modify risks (e.g., eliminate, prevent, detect, mitigate), and reporting on their effectiveness.
  • Selection Categories: Includes elimination, substitution, engineering, administrative, and personal protective equipment controls, in line with the hierarchy of controls.
  • Example Treatments: Illustrates options like shutdown, repair, sleeve installation, pressure reduction, alarm system enhancement, and contingency planning.
  • Integration with standards: Cites regulatory and International Organization for Standards (ISO)-based criteria when selecting controls.

Additionally, the process provides details on how controls move from planning to execution to demonstrate implementation:

The document defines roles and responsibilities as:

  • Risk Treatment Owner is tasked with executing and monitoring control measures.
  • Risk Leads, Risk Coordinators, and Risk Profile Owners are assigned steps in documenting, approving, and tracking the implementation.
  • Execution via Integrated Planning: Control execution is woven into Enbridge’s project governance, IMS departmental plans, capital project planning, and operational timelines.
  • Monitoring & Effectiveness: Residual risk is reassessed post-implementation; performance metrics (e.g., percentages complete, risk reduction) are tracked.

The processes also integrate risk management with strategic business planning, operational decision-making, and change management.

The processes also incorporate communication elements:

The corporate process for managing hazards and risks includes communication across all stages, which:

  • Ensures clarity of accountability, stakeholder involvement, and dissemination of hazard and control information.
  • States risk controls are communicated directly to those exposed.

The process for the treatment of risk emphasizes stakeholder engagement, so that:

  • Treatment options are selected in consultation with other departments.
  • Reporting on treatment status is required, ensuring visibility to relevant parties.
  • Documented references are communicating risk treatment decisions to those exposed via the corporate process for managing hazards and risks.

Enbridge provided the CER Auditors with a presentation on a major accident hazard analysis it had conducted at its Edmonton Terminal. The company ran the audit team through the risk evaluation and treatment process, which resulted in the installation of product migration mitigation measures such as hydrocarbon detection and automated valves for closing drainage systems. During the inspection of the Edmonton Terminal during the period 16 – 20 June 2025, the CER inspection team had a look at the installed system to verify its existence and intended functionality.

In summary, Enbridge demonstrated that it met the requirements of paragraph 6.5(1)(f) of the OPR by documenting an integrated and robust process to develop controls using industry-aligned strategies and a structured hierarchy of mitigation options. It then assigned ownership to implement the controls, implemented them, and tracked them through to completion while ensuring that the controls were communicated to all affected personnel and stakeholders.

AP-05 Hazard & Incident Reporting and Response
AP-05 Hazard & Incident Reporting and Response

Finding Status

No issues identified

Regulation

OPR

Regulatory Reference

Paragraph 6.5(1)(r)

Regulatory Requirement

A company shall, as part of its management system and the programs referred to in section 55,
(r) establish and implement a process for the internal reporting of hazards, potential hazards, incidents and near-misses and for taking corrective and preventive actions, including the steps to manage imminent hazards.

Expected Outcome

It is expected that the company can demonstrate that:

  • The company has a compliant process that is established and implemented;
  • The company has defined its methods for internal reporting of hazards, potential hazards, incidents and near-misses;
  • Hazards and potential hazards are being reported as required by the company’s process;
  • Incidents and near-misses are being reported as required by the company’s process;
  • The company has defined how it will manage imminent hazards;
  • The company is performing incident and near-miss investigations;
  • The company’s investigation methodologies are consistent and appropriate for the scope and scale of the actual and potential consequences of the incidents or near misses to be investigated;
  • The company has defined the methods for taking corrective and preventive actions; and
  • The company can demonstrate through records that all corrective and preventative actions can be tracked to closure.

Relevant Information Provided by the Company

The list of documents and records reviewed by the CER related to this assessment is kept on file by the CER.

The interviews conducted related to this item are listed below. The full list of interviews and interviewees is kept on file with the CER:

  • Supervisor, Risk Management
  • Technical Manager, Assurance
  • Senior Engineer, Integrity Governance
  • Supervisor, Integrity Governance

Finding Summary

Enbridge demonstrated that it is fulfilling the expected outcomes for this regulatory requirement. No issues were identified.
Detailed Assessment

Enbridge provided the CER with an explanation of how its hazard and incident reporting and response system works at the facility level. Any new hazards encountered by facility personnel are reported through the corporate process for managing hazards and risks. New hIMPazards can be identified through JHAs, FLHAs, and FHAs. Any hazard identified is reviewed and compared to what already exists on the corporate risk register. If it is new, and deemed credible, it is added.

Incidents are tracked and managed through Enbridge’s Encompass system. Where required, incidents are initially dealt with following a pre-analysis process. This involves conducting rapid response, making sure everyone is safe, isolating the scene, and then reporting it. The follow up process involves an investigation (as required) and corrective and preventive actions, both of which are governed by properly documented processes. This initial pre-analysis process serves the requirement for providing the steps to deal with imminent hazards and near-misses.

All workers at a facility have an Event Reporting Application on their Enbridge-issued personal device. Enbridge provided training to its employees on how to use the application. As evidence, Enbridge provided the CER with the instructions on how to use the Event Reporting Application which were provided to employees to enable them to enter incidents on their own, as they happen. They also provided the CER with the event workflow steps.

Interviews with field staff conducted during facility inspections revealed that the technicians do in fact have the incident reporting application available to them and they have been instructed on how to use it. They can and do use it, although often incidents they encounter are reported to their supervisor who then decides whether or not it needs to be managed further and entered into the system.

If an incident or event does need to be reported, it proceeds to the Verification Workflow Phase. An Event Coordinator will receive a notification from Encompass alerting them that an event needs to be verified. Enbridge provided the CER with a document listing the key roles and responsibilities for event management, which vary depending on the type of event.

Enbridge also provided the CER with its Canada Event Reporting Guide. The guide provides Enbridge employees with guidance on all Canadian Regulatory event reporting criteria and requirements when an event related to the construction, operation, maintenance or abandonment of a pipeline system occurs. This includes pipeline, facility infrastructure and associated storage.

The Canadian Event Reporting Guide provide guidance on event reporting criteria and requirements for things such as:

  • Significant Events – LP Only
  • Releases, Leaks, Spills, Flaring and Venting
  • Fatalities/Serious Injuries/Medical Aid/Near Misses
  • Operating Beyond Design Limits
  • Damage Prevention including Line Strikes
  • Property Damage
  • Adverse Environmental Effects
  • Others

Enbridge provided the CER with a report on a failure of a pump seal and the follow up activity that took place. This served as an example of identifying, reporting, investigating and taking corrective action for an incident.

The company also provided the auditors with an event report for a system overpressure at one of its terminals showing the initial incident, immediate response, follow up investigation, and the corrective and preventive actions.

Overall, Enbridge demonstrated that it is fulfilling the expected outcomes for this regulatory requirement. No issues were identified.

AP-06 Inspection and Monitoring
AP-06 Inspection and Monitoring

Finding Status

No issues identified

Regulation

OPR

Regulatory Reference

Paragraph 6.5(1)(u)

Regulatory Requirement

A company shall, as part of its management system and the programs referred to in section 55,
(u) establish and implement a process for inspecting and monitoring the company’s activities and facilities to evaluate the adequacy and effectiveness of the programs referred to in section 55 and for taking corrective and preventive actions if deficiencies are identified.

Expected Outcome

It is expected that the company can demonstrate that:

  • The company has a compliant process that is established and implemented;
  • The company has developed methods for inspecting and monitoring their activities and facilities;
  • The company has developed methods to evaluate the adequacy and effectiveness of the programs referred to in section 55;
  • The company has developed methods for taking corrective and preventive actions when deficiencies are identified;
  • The company is completing inspections and monitoring activities as per the company’s process; and
  • The company retains records of inspections, monitoring activities, and corrective and preventive actions implemented by the company.

Relevant Information Provided by the Company

The list of documents and records reviewed by the CER related to this assessment is kept on file by the CER.

The interviews conducted related to this item are listed below. The full list of interviews and interviewees is kept on file with the CER:

  • Technical Manager, Assurance
  • Supervisor, FI Planning
  • Manager, FI Planning
  • Supervisor, Maintenance Management Services
  • Storage Planning Engineering Specialist
  • Fixed Assets Engineering Specialist
  • Fixed Assets Engineering Specialist
  • Senior Engineer, Integrity Governance
  • Supervisor, Integrity Governance

Finding Summary

Enbridge demonstrated that it is fulfilling the expected outcomes for this regulatory requirement. No issues were identified.
Detailed Assessment

Assurance Management is an element of the company’s IMS and the two processes that are applicable to this audit protocol assessment are its process for inspections and assessments, and its process for managing corrective and preventive actions. The IMS directs that each program is to use these processes, and the CER auditors found that the IMP is meeting this requirement.

Enbridge evaluates the adequacy and effectiveness of its programs through its process for inspections and assessments. The process directs that annually each program owner is to prepare an annual Assurance Plan to document the assurance inspections and assessments that are to be conducted in the next calendar year. These plans detail the inspections, assessments and audits that program owners are to prepare to self-regulate for compliance with requirements and to assess the adequacy and effectiveness of LP IMS Programs and Processes.

Enbridge provided the CER audit team with the results of an audit of its integrity program conducted in 2024 as evidence that it is conducting internal quality assurance. The audit findings indicated that the corrective and preventive actions had all been completed.

Enbridge’s Assurance Team provided the auditors with an overview of the influence of risk on technical and physical inspections when determining the frequency and type of inspection and monitoring of its facility piping systems. The process takes into consideration the results from internal corrosion inspections, external corrosion inspections and stress corrosion cracking inspections and other factors. The company employs a computer model which factors in a number of things when calculating risk of failure; things such as the age of the pipe, wall thickness, coating type/age/condition, soil type, and many other factors when calculating susceptibility to failure.

Enbridge has various classes of assets, and they use different failure rate data and follow recommended inspection intervals from different standards and other sources. For example, they follow the rules of API 653 for inspection frequencies of above ground storage tanks. Enbridge stated that they follow provincial rules for the inspection of pressure vessels. Pressure relief devices are tested annually. Enbridge provided the CER audit team with examples of internal and external tank inspection records.

During this audit, the lead auditor and two subject matter experts from the CER’s Pipeline Integrity group inspected some of Enbridge’s facilities. The inspection was carried out during the period 16 – 20 June 2025 at Edmonton terminal, Hardisty terminal, and the Kingman and Strome pump stations. The two terminals are manned while the two pumping stations are normally unmanned. The CER team of inspection officers toured the sites and inspected tank roof drainage systems, tank level controls, containment systems, pump stations, sumps, manifolds and above ground piping amongst other things. The full details and results of the facility inspection are found in the inspection officer’s report for CVA 2526-057 retained by the CER.

Enbridge monitors the operating condition of its pipelines and the equipment at its terminals and pumping stations remotely from its control centre. Additional inspection and monitoring activities at its terminals and pumping stations are carried out by its technicians. Weekly, the technicians are issued with a weekly work plan through Enbridge’s work planning application ‘Maximo’. Each work plan directs the technicians on what they are to inspect and monitor and issues instructions and checklists for them to follow. Once the work is completed, Maximo is updated to indicate that the work has been done.

Enbridge provided the CER audit team with examples of job plans for the Kingman and Strome pump stations indicating that the facilities are regularly inspected and that maintenance activities are carried out. They also provided evidence that the results of the inspections are entered into Maximo to indicate that they have been completed. Interviews with technicians at Edmonton Terminal and Hardisty Terminal verified that this process is being followed.

Enbridge provided the audit team with a number of records to demonstrate that the company regularly performs predictive maintenance and inspections and carries out corrective maintenance on its equipment at its facilities at Edmonton Terminal, Hardisty Terminal and the Kingman and Strome stations. For example, at random, the CER audit team requested inspection and testing records for the Line 3 Pump Building and tank level alarm transmitter and tank level switch inspections for a Tank at Edmonton Terminal. Enbridge was able to provide these records.

Enbridge demonstrated that it is fulfilling the expected outcomes for this regulatory requirement. No issues were identified.

Top of Page

Appendix 2: Terms and Abbreviations

For a set of general definitions applicable to all operational audits, please see Appendix I of the CER Management System Requirements and CER Management System Audit Guide found on www.cer-rec.gc.ca.

Appendix 2: Terms and Abbreviations

Term or Abbreviation

Definition

API

American Petroleum Institute

ASME

American Society of Mechanical Engineers

CAPA

Corrective and Preventive Action

CER

Canada Energy Regulator

CER Act

Canadian Energy Regulator Act (S.C. 2019, c. 28, s. 10)

CSA

Canadian Standards Association

CVA

Compliance Verification Activity

Facility IM

Facility Integrity Management

FHA

Facility Hazard Assessment

FLHA

Field Level Hazard Assessment

GDL

Governance Document List

IMP

Integrity Management Program

IMS

Integrated Management System

JHA

Job Hazard Analysis

LMS

Learning Management System

LP

Liquid Pipelines

MOC

Management of Change

MOP

Maximum Operating Pressure

NGL

Natural Gas Liquids

OMM

Operation and Maintenance Manual

OPR

Canadian Energy Regulator Onshore Pipeline Regulations (SOR/99-294)

The company

Enbridge Pipelines Inc.
Top of Page
Date modified: