Information Advisory CER IA 2025-002 – 2024-2025 Canada Energy Regulator – Management System Audits

Information Advisory CER IA 2025-002 – 2024-2025 Canada Energy Regulator – Management System Audits [PDF 220 KB]

File 6362510
11 December 2025

Please find attached the Canada Energy Regulator (CER) Information Advisory (IA), CER IA 2025-002, which summarizes the findings from six management system audits conducted by the CER during 2024–2025. These audits evaluated regulated companies’ compliance with the Canadian Energy Regulator Onshore Pipeline Regulations (SOR/99-294) with a focus on the following areas:

• Emergency management programs;
• Annual report; and
• Lifecycle transition processes.

The CER is sharing these findings to support continual improvement across all regulated companies. CER-regulated companies are expected to proactively identify, assess, and manage hazards and risks to prevent harm to people, property, and the environment. We encourage all companies to review their management systems in light of the issues identified in this advisory and take any necessary corrective actions.

The CER will incorporate these learnings into future compliance and oversight activities, including audits.

If you have any questions or require further clarification, please contact the CER through our toll-free number at 1-800-899-1265.

This and other advisories are available on the CER website.

Best regards,

Signed by

Chris Loewen
Executive Vice President

Information Advisory
CER IA 2025-002
11 December 2025

2024-2025 Canada Energy Regulator - Management System Audits

Basis for Issuance

The Canada Energy Regulator (CER) requires all companies to establish and implement an effective management system to protect people, property, and the environment from harm. The Canadian Energy Regulator Onshore Pipeline Regulations (SOR/99-294) (OPR) outline the specific management system requirements that companies must meet.

This information advisory summarizes key findings from the 2024/25 audit program. It is intended to promote learning and continual improvement across all CER-regulated companies by highlighting common areas of non-compliance and opportunities for strengthening management system practices.

Background

As part of its ongoing oversight activities, the CER conducted six audits in 2024–2025. These audits examined three key areas of management system compliance:

• Emergency Management program – three audits;
• Annual Report– two audits; and
• Lifecycle Transition– one audit.

The six companies selected for audit were identified through the CER’s risk-based oversight prioritization model. These focused audits help the CER assess and promote compliance with management system requirements across the energy industry.

In July 2021, the CER published its audit Protocols, which provide guidance on how the CER interprets the OPR’s management system requirements. These protocols are directly relevant to the lessons learned outlined in this Information Advisory. Companies are encouraged to refer to these protocols for additional context and guidance.

Emergency Management Program Audits:

The CER conducted three Emergency Management program audits across three different companies, focusing on compliance with several sections of the OPR.

Under the OPR, companies are required to maintain an emergency management program that anticipates, prevents, manages, and mitigates conditions during an emergency that could negatively impact property, the environment, or the safety of workers and the public. Auditing Emergency Management programs is one of several oversight activities the CER employs to assess a company’s readiness to respond effectively in the event of an emergency.

While not an exhaustive list, the audits identified the following key areas of non-compliance:

• Hazard identification and analysis were not comprehensive or systemic. Some companies didn’t identify or analyze all relevant hazards and potential hazards. Other companies had multiple hazard inventories that were scattered and uncoordinated.
• Stakeholders weren’t properly informed. Stakeholders in some jurisdictions were not informed of their responsibilities in the event of an incident. Because pipelines cross multiple jurisdictions, comprehensive engagement is essential.
• Too much reliance on individual expertise. Knowledge wasn’t embedded in documented, structured, management system processes.
• Contingency planning was lacking. Potential abnormal events or operating conditions weren’t identified, and corresponding contingency plans weren’t developed.
• Program documents were missing or poorly managed. Some were outdated, not being followed, or didn’t meet the basic regulatory requirements.

Annual Report Audits:

This audit topic assesses the company’s annual report that describes the performance of the management system, and the company’s processes used to generate this report. Although smaller in scope, these audits offer valuable insight into the overall effectiveness of a company’s management system. The CER conducted two annual report audits this year, bringing the total number of such audits to eight since 2020.

Despite being a recurring audit topic, some companies are performing poorly in this area. As such, it is likely that the CER will continue conducting annual report audits in the future. We encourage all companies subject to the OPR to proactively review and ensure they comply with the annual report requirements. Companies that perform poorly in these audits may be subject to additional compliance verification activities in the future.

While not an exhaustive list of all non-compliances, annual report audits identified issues in the following areas:

• Annual reports were missing key details. They should explain how the company met its goals and targets, assess whether the management system works, and describe actions taken to fix problems found by quality assurance activities. Some reports didn’t include this required information.
• Performance measures were unclear. Some companies didn’t provide the specific metrics used to evaluate the status of their goals and objectives.
• Company relied on the wrong standard. Some companies provided details based on the provincial Certificate of Recognition standard, which is different from the OPR.

Lifecycle Transition Audit:

This audit examined how a pipeline transitions from construction to operations. It focused on the environmental protection program. Audit findings indicated that the management system is being implemented as designed. For example, interview responses from company personnel were consistent with documented processes, and a sampling of company records showed that, for most items assessed, process outputs aligned with management system expectations. However, two non-compliant findings were identified:

• Controls weren’t communicated. Some people exposed to environmental hazard and risks weren’t told about the controls before starting work.
• Monitoring was inadequate. The environmental protection program wasn’t properly checked to ensure it was effective. In some cases, monitoring didn’t catch or fix environmental problems quickly enough.

Recurring Issue:

As noted in previous Information Advisories, a recurring issue identified in some audits — regardless of the audit topic—is the absence of properly established and implemented processes.

Section 6 of the OPR requires companies to have established and implemented processes that meet specific criteria. A partial definition of what is required for a process to be compliant is:

“A documented series of interrelated actions that take place in an established order and are directed toward a specific result.” Companies must ensure their processes include the following:

• the purpose, scope, objective, and specific results that the process is intended to achieve;
• the series of interacting actions or steps that take place in an established order;
• the roles, responsibilities, and authorities of staff to ensure the process is appropriately applied;
• other relevant processes, procedures, and work instructions; and integration with each section 55 program; and
• linkage to procedures, where required to meet the process requirements.”

Some companies are either not documenting their processes and/or the processes are missing some of the content included above. Companies are encouraged to review their existing processes to ensure alignment with this definition.

Next Steps

CER-regulated companies are expected to review the deficiencies outlined in this Information Advisory and ensure they are not present in their own management systems. The CER will incorporate these learnings into its future compliance and oversight activities, which may include future audits in these areas.

For more details please refer to the Management System and Protection Program Audit Protocols, the Updated Operations Audit Protocols and Guidance Document, and the audit reports, all posted on the CER website.

Date modified:

2025-12-11