Risk-Based Technical Audit Program (RBTAP)

Applicable for Oil & Gas, Refinery, Petrochemicals, LNG, Energy, Power & Utility, Renewable & Green Energy, Chemicals, Fertilizers & Pesticides, Plastics & Polymers, EPC, Logistic & Services, & Hazardous Materials Management Companies

1. Introduction to Risk-Based Technical Audit Program (RBTAP)

Engineering consultants play a pivotal role in the Technical domain. Engaging in a technical environment will subject engineers to ongoing pressure to achieve timely deliverables. They are required to make prompt decisions and take swift action, facilitating the smooth progression of Operations and Projects without unnecessary delays or resource inefficiencies.

On the other hand, any error or non-conformance in technical operations & engineering of process plants, if undetected, could have serious impact on safety and reliability of those involved in the project and operations, resulting in adverse environmental impacts or could damage the organizations involved.

Many engineering consultants have established Technical Management Systems, most of which have been certified. However, over the last few years, it has been realized by industrial experts & professionals that the value addition of conventional compliance audits decreases, as the organization matures. Therefore, a new audit program, called the “Risk Based Technical Audit Program (RBTAP)” was developed and has been in practice since then.

In this article, we will be focusing on a concept called “Risk-Based Technical Audit Program” that could be implemented to assess the safety and quality of the Engineering process & EPC projects in the Oil & Gas industry and various other sectors & domains. The main purpose of RBTAB is to ensure integrity of Process Design or Operational Efficiency, without jeopardizing schedule and cost performance of the project or operations.

2. Why Risk-Based Technical Audit Program

When considering an audit, individuals typically envision a process of reviewing documents and records, which primarily concentrates on past actions, without taking into account an evaluation of current performance and its potential impact on the company’s future outcomes.

Risk-Based Technical Audits are those which are planned and conducted based on the results of a project or an operation’s technical risk assessment. Attention should be extended towards potential sources of high risk.

Other distinctions of RBTAP from conventional audits are the extent of pre-audit preparation required, the competence of the auditors and the audit reporting methods.

3. RBTAP execution overview

Below are few fundamental questions with explanatory answers, which can give an overview of RBTAP’s generalized scope, requirements, risk and deviations prioritization methodology: -

1. When to audit

To know what is the perfect time to audit, one should understand the meaning of Progressive Elaboration, which is nothing but a key characteristic of project and operations management, reflecting their inherently dynamic, temporary, and unique nature. It refers to the process of developing plans and activities incrementally, refining them over time. Consequently, auditors face the challenge of evaluating something that is constantly evolving. As such, there is no definitive moment when an auditor can obtain a complete and final understanding of the situation.

In the context of Engineering, Operations & Projects, the first audit typically involves a review of design or operational performance requirements, ensuring that they meet the necessary standards and identifying potential issues. The second audit focuses on evaluating the integrity of the design and the readiness of operations before the start-up phase. Following this, it is highly advisable to conduct periodic audits during regular plant operations, as scheduled in accordance with the guidelines provided by the OEM (Original Equipment Manufacturer), licensors, statutory requirements, or in response to any urgent needs.

2. What to audit

Risk-Based Technical Audit requires considerable pre-audit preparation. The auditor has to review main process & project documents well in advance of the audit. This will include but not limited to:

• Technical, Operational, Production, Services areas.
• Design Basis, Standards, Compliance & Regulations.
• Process Understanding Document (PUD).
• Risks Assessment, Barrier Management, Controls & Mitigation Plans.

The auditor neither intends to, nor has the resources available, to audit everything right from the set-up phase of any operations and project, up until execution & delivery phase. Therefore, auditors use sampling methods. Selecting suitable sampling methods and sample size is not an easy task.

In Risk-Based Technical Audits, samples should be chosen based on the criticality and complexity of the Standards, Engineering, Design or Function, and the severity of possible negative consequences of non-conformities they intend to have on plant’s safety, reliability and integrity. Therefore, during the audit samples should be selected from high risk area. Few illustrative examples of for Risk-Based sampling based on risk prioritization area are listed below.

• New experience/technology, where it is the team’s first time to design such a project or handle such a technology in operations.
• Design or Operations of Equipment and Assets which will operate under high pressure, extreme temperatures, or which contain or transfer hazardous, toxic, or flammable materials.
• Operations or Maintenance of equipment or units over which other equipment or units are dependent.
• Material and Asset Integrity Management of any operation, which will involve critical activity and process.
• Compliance obligations, where any deviation or non-compliance can cause huge risk of damage to organization’s occupational safety, assets or reputation.
• Shutdown – Turnaround – Outage (STO): Which will involve huge activities, production loss/outage etc.

3. Who should conduct the audit?

Audit results are valuable inputs to the organization’s improvement process. Therefore, the competence of the auditor is a major factor to consider.

The auditor must be a degree holder (preferably an engineer) with a background in any of the following specializations like Engineering, Operations, Production, Project Management or similar technical disciplines. The auditor should possess knowledge and skills in the following areas:

• Auditing principles, methodology, procedures and process techniques.
• Engineering, Operation, Production, Manufacturing and Project Management practices, with fundamental knowledge & expertise in the industry, which is in the interest of audit scope.
• Applicable codes, standards and regulatory compliance requirements.

In addition to the technical knowledge and skills mentioned above, the auditor should possess the personal attributes and interpersonal skills.

Communication skills of the auditors are of utmost importance. Auditors need to be able to communicate both to the boardroom, audit committee, process owners and functional heads.

4. What to Report

Findings of a Risk-Based Technical Audit should be ranked according to their potential impact on either the Engineering, Operations, Production & Project (Green & Brown - Field) of the plant.

Major findings are those which fall under any of the following conditions:

• Operational deviation, Standards, Regulations, Compliance & Specifications
• Engineering error, Procedure deviations or Deviations in Operating Limits, with critical consequences on people, environment and property during operations or project execution (e.g. loss of life, significant environmental damage, loss of production, damage to reputation, delay in deployment).

These kinds of findings should be addressed immediately by the auditee, making sure that root causes have been identified and corrective actions to prevent recurrence have been implemented.

Minor findings are those which fall under any of the following conditions:

• There’s a minor error which could be overcome with rework.
• There’s a potential for a less significant HSE accident or Regulatory Non-Compliance during the Project phase or Operational phase of the plant.

Minor findings should be dealt with in a timely manner to prevent its escalation or potential negative effects.

What is missed most of the time is the communication of audit results with other disciplines to ensure that we prevent similar findings from happening.

4. Summary & Conclusion

To summarize, RBTAP is distinct from conventional audits because actual Performance is being audited rather than records. Also, audit samples will be chosen based on a risk-based priority and not randomly. Findings will be ranked based on the potential impact on the project phase or operational phase. Instead of merely assessing compliance with generic standard requirements, the auditor will be positioned to evaluate the safety, environmental sustainability, and technical soundness of the Project execution or Operational performance outputs.

Its effectiveness depends on how well it is implemented, the quality of the risk assessment, and the expertise of those conducting the audits

When executed well, RBTAP is an effective method for improving overall asset technical integrity and reducing organizational risks.