Audits evaluate how a company manages its activities. We expect every company we regulate to have management systems and protection programs that are effective and work well. Companies that manage their activities well can better anticipate, prevent, and mitigate issues that can affect safety, security, and the environment. Management systems can be complex, so auditing them can be more involved and take time to complete. In many cases, we may need to review more than one site or facility.
Search audit reports
After an audit is done, a report is made public. We expect all companies to consider and review the findings in these reports and use them to improve their management systems.
Planning audits using a risk-based approach
We use a risk-based approach when we plan audits. For example, we will audit a company or pipeline operation with a higher risk of compliance violations than one with a lower risk. When evaluating risk, we also consider whether we need to have a closer look at a company’s operations or whether we need to have a broader look at a requirement with more than one company.
Full-scale audits (one company)
A full audit may include a review of:
Focused audits (more than one company)
Focused audits look at one issue (one management system requirement) across multiple companies. These audits help us improve the management system requirement across industry.
Regulations and guidance
When we find something
- After we complete an audit, we issue a report. This report contains our findings.
- A finding of non-compliance does not necessarily mean an immediate hazard is present. However, it does mean an issue needs to be addressed for a system to remain safe.
- To address a non-compliance, the company must develop and put in place a corrective and preventative action plan, or CAPA plan. Higher risk issues must be addressed first, as quickly as possible.
- We track and follow up on the company’s plan to make sure all non-compliances are addressed effectively. For any hazards we find during an audit, we take immediate action.
Compliance and enforcement
We check that companies are meeting requirements to protect people and the environment. Any company that fails to take corrective action when a non-compliance is identified will be subject to enforcement action. This may mean being ordered to do something, being fined, or being required to immediately stop work.
- Date modified: