Offshore safety in the wake of the Macondo disaster: the role of the regulator.

• Author: Weaver, Jacqueline L.
• Position: Part 2 - III. The Role of the Regulator: Best Practices through C. The U.S. Safety Regime Today 3. The Tools Today: SEMS Auditing c. The "COS World" of SEMS Auditing through IV. Where the Gaps Are: Meet OESAC, p. 420-469

3. The "COS World" of SEMS Auditing

   COS was born into this SEMS I world and immediately set out to create an auditing process appropriate for deepwater operations in the Gulf. The "COS World" depicted in Figure 2 below shows the process that COS created and that COS members must use to audit their SEMS I programs. Much more detail appears in the COS documents themselves.

   Several features of COS World bear noting. First, no formal arrow links BSEE to COS World. While BSEE had adopted API RP 75 as the basis of its SEMS I regulations, COS simply took the regulations and then created its own auditing system. Thus, two parallel SEMS auditing worlds exist, both designed to assure that the audited company has an operationally effective SEMS program, not just a paper file prepared by consultants and sitting on an operator's shelf or in an electronic file. Of the two, the COS system is far more specific and robust than the auditing provision in RP 75, as incorporated into the SEMS I regulations. If an operator conducts a COS audit, this audit will meet all auditing requirements in SEMS I World. The converse is not true.

   Second, COS plays a defining role in accrediting the companies, now called Audit Service Providers (ASPs), that are allowed to perform COS audits. COS polices every phase of the auditing process, from setting minimum qualifications for the audit team leader and team members to creating standardized audit reporting formats, protocols and time tables. (153)

   Third, all of the actions involved in performing an audit occur between the Audit Service Provider and the COS Member in terms of developing an audit plan, performing the audit, creating a Corrective Action Plan (CAP), and verifying that it has been completed. (154) Once a company is accredited by COS as an ASP, COS has no role in the actual auditing process. In reality, however, because the ASP must use COS-created forms and templates, COS's hands are deep inside every COS member's audit.

   Fourth, after the audit report is final, COS steps back into the picture in an important way. The ASP is required to send the final audit report to COS with no company-identifying information. (155) COS will use the confidential data thus obtained to prepare analyses as described further below. (156) If authorized by the COS member company, the ASP may also submit a summary of what it found to be a good practices(s) used by that COS member. (157)

   Finally, there is a possible relationship between the individual COS Member and BSEE, if the COS Member is an operator/lessee rather than a drilling contractor or service provider. (158) The COS Member who is a deepwater operator/lessee can carry its COS audit report from "COS World" over to "SEMS I World." The COS audit process satisfies the audit requirements for SEMS 1. (159) Shallow-water operator/lessees can use all of the COS documents posted in COS World to help assure that their internal or external auditors are performing a robust audit. However, COS will not receive any audit report information from operators who work only in shallow water because they are not COS members.

4. The SEMS II World: BSEE and COS Meet

   On April 5, 2013, BSEE issued SEMS II, which revised and added several new elements to the SEMS I rule, effective as of June 4, 2013. (160) SEMS II also revised the auditing procedure to require that all SEMS programs be audited by an accredited third-party auditor. The "SEMS II World" is depicted in Figure 3 below, and it is here that BSEE and COS (as an Accreditation Body, or "AB") are formally linked.

   BSEE will begin to receive SEMS II audits after June 4, 2014. (161) The SEMS II World has several notable features. First, four distinct players appear in this world. BSEE and the operator/lessee remain, but the "auditor" under SEMS I has become two new entities: an AB and an ASP. An AB is an Accreditation Body that accredits the external third-party providers of auditing services, now formally called Audit Service Providers, or ASPs, in the SEMS II regulations. (162) COS is the only such body in existence today, so COS is named in Figure 3 as the AB.

   Secondly, BSEE's only formal link to COS is that BSEE "approves" COS as an Accreditation Body. (163) Once approved, the audit process runs as set up in COS World. COS accredits the external, third-party providers of auditing services, now called Audit Service Providers (ASPs). (164) The operator/lessee retains an ASP, and that company performs the SEMS II audit with the additional SEMS II elements which the operator must have incorporated into its safety management plan by June 4, 2014.

   Third, and importantly, under SEMS II regulations, the ASP must use the COS-created auditing protocols and reporting templates and must deliver a final audit report to the operator/lessee, using the COS-standardized forms created in "COS World" and now incorporated by reference in the "SEMS II World." (165)

   Finally, the auditor has no direct communication with BSEE, the regulator. Only the operator/lessee submits its audit plan, audit report, and corrective action plan to BSEE. This reflects BSEE's position that the operator/lessee is accountable for all safety management on its facilities.

   In short, BSEE "approves" the Abs (166) that will then undertake to accredit the companies that want to become qualified "ASPs" under the qualification standards which appear in a COS document incorporated by reference in BSEE's regulations. (167) All SEMS II audits must be conducted by using an Accredited Service Provider (ASP) that puts together an audit team containing individuals who have the specific training required by another COS document incorporated by reference into BSEE's regulations. (168) Because the SEMS II regulations incorporate by reference so many COS protocols containing detailed standards and procedures, the COS-created audit framework will apply to any offshore operator's audit, whether or not it is a COS member operating in deep water. (169)

   The astute reader will realize that "COS World" continues to exist, side by side, with the SEMS II World. Operator/lessees that seek only to satisfy the SEMS II auditing system can simply reside in the SEMS II World depicted in Figure 3. Nothing in the regulations requires a company to become a COS member. Thus, non-COS members never need to enter into COS World (in Figure 2) where their selected ASPs will submit all final audit reports to COS, stripped of company-identifying information. (170) All COS members who are deepwater operator/lessees will live in both parallel worlds simultaneously. But, only in COS World does the deepwater operator/lessee receive a formal SEMS Certificate from its Audit Service Provider, indicating that the latter has verified that the operator has completed its Corrective Action Plan and is now in total compliance with the SEMS requirements. (171)

5. Assessment of the SEMS II and COS Auditing Worlds

   The SEMS II regulatory framework described above for SEMS compliance looks like "industry self-regulation through third-party audits." Other than adding several new SEMS elements and mandating that auditors be external, the entire SEMS II system adopted by BSEE is based on industry practices founded in API RP 75 and COS-created protocols and templates. Two observations follow.

   First, the system reflects the view that the operator must be the entity primarily accountable for safety. As former BSEE Director James Watson articulated BSEE's role: "We are moving to an operator-driven safety program with BSEE oversight." (172)

   Second, the system does not reflect the recommendation of the National Academy of Sciences' Transportation Research Board reports on best practices for safety audits. The TRB Report's conclusion on assessing the effectiveness of SEMS compliance bears repeating here: "An organization cannot turn over the development and monitoring of its safety program to a third party and expect the program to be effective." (173) The use of third-party auditors continues and fosters a compliance mentality by the company. The National Academy would have devolved even more responsibility on the individual operator to self-audit using "cold-eyed" internal, independent auditors.

   Thus, the SEMS II auditing system can be simultaneously criticized for allowing too much industry self-regulation and for allowing operators to outsource their SEMS audits to third parties. As to the latter criticism, two efforts are made in SEMS II to encourage more operator involvement in an audit. The first allows the operator to supply its own employees (if qualified under COS standards) to be members of the ASP audit team, although the operator's employee can never be the audit team leader. (174) Secondly, SEMS II requires that operator/lessees review their SEMS program for effectiveness at least annually and document the observations, conclusions and recommendations of that review. (175)

   As to the first criticism that the new offshore safety regime amounts to little more than industry self-regulation, the key question is whether BSEE has the authority and the expertise to perform effective "oversight" of the SEMS auditing process. The SEMS II rules give BSEE several opportunities to intervene in the SEMS regime. First, BSEE must approve the ABs that accredit the Audit Service Providers. Once approved, BSEE may subject the ABs to audits and "other requirements deemed necessary" to verify compliance with accreditation requirements. (176) So, BSEE can "audit the auditor's auditor," which is to say that BSEE can audit the AB's auditing of the ASPs. For example, BSEE could investigate what COS, as an AB, does to ensure that the ASPs it accredits have a process that assures proper audit team training and that the auditors, in fact, have the proper training. (177)

   Otherwise, BSEE is largely a receiver of information from the operator/lessee, but the information received does allow for critical oversight of the operator's...