NJQS Core Audit Module Version: 1.06 NipeX Joint Qualification System (NJQS) NNPC NipeX Office, 30 Oyinkan Abayomi Drive, Ikoyi, Lagos, Nigeria Tel: +234 (0)1 271 7592; +234 (0)1 463 0523 -6; Website: www.nipexng.com or www.nipex.com.ng Email:
[email protected] or
[email protected] NJQS CORE AUDIT MODULE CONTENTS Assessmen Requ remen s Preface Issue Record 1. Company Registration 2. Financial Information 3. 4. Organisational Capacity Plant & Equipment 5. Software 6. Document Management 7. Personnel 8. Nigerian Content 9. Health & Safety Management 10.Occupational Health 11.Environmental Management 12.Accident & Incident Reporting and Investigation 13.Security & Continuity Planning 14.Quality Management 15.Corporate Social Responsibility 16.Insurance 17.Subcontractor & Supplier Management 18.Competency & Training © Copyright 2007, 2008 Achilles Information 30 th ¡ Page Number 3 3 4 4 4 5 5 6 6 7 7 8 9 10 10 10 11 12 12 13 Page 2 of 14 March, 2008 NJQS CORE AUDIT MODULE Preface This doc m contains the ³Core´ assessment protocol by which NipeX will meas re the Nigerian Upstream Oil & Gas s pply chain. The principle constituents of this process are the verification and assessment of the quality and applicability of their supply chains management systems. ¢ ¥¤£ ¢ ¢ Issue Record This protocol will be subject to change and updating as a result in the following areas: Changes in applicable statutory instruments Recommendations from enforcement authorities or industry bodies focusing on either prevention of accidents or new best practice Changes in the NipeX contractual conditions The document will be made available on the NJQS portal. An appropriate notification will be placed on the portal advising of any changes made to the document. Version History No. 1.01 1.02 1.03 1.04 1.05 1.06 Date 02 04 30 12 04 30 Feb 2007 July 2007 Aug 2007 Nov 2007 Dec 2007 Mar 2008 Author / Editor W. Nelson M. Ford W. Nelson J. Agbeyei O. Orife O. Orife Comments Reviewed by M.Ford, W. Nelson & NJQS Team Reviewed by NJQS Assessment Team Sub clauses added. Section 1 redesigned. © Copyright 2007, 2008 Achilles Information 30 th Page 3 of 14 March, 2008 NJQS CORE AUDIT MODULE ASSESSMENT REQUIREMENTS 1. Company Registration 1.1 The company must be registered to do business in Nigeria and with all other relevant authorities. The Assessor should establish that the organisation being assessed holds all relevant approvals for the scope of work undertaken through examination of pertinent certificates of authorisation including: 1.1.1 Department of Petroleum Resources - DPR permit 1.1.2 Corporate Affairs Commission (CAC) - Certificate of Incorporation, 1.1.3 Form CAC2.5 (or C.O.2) - statement of share capital and return of allotment of shares 1.1.4 Form CAC2.3 (or C.O.7) - particulars of directors 1.1.5 That the company has filed annual returns with Corporate Affairs Commission (CAC10) 1.1.6 Nigeria Communication Commission (NCC), where applicable 1.1.7 Federal Environmental Protection Agency (FEPA), where applicable 2. Financial Information 2.1 The company must be able to demonstrate their financial capabilities and capacities. The Assessor should establish the following: 2.1.1 That the company can demonstrate their average annual turnover 2.1.2 That the last 3 years accounts have been audited and approved 2.1.3 That an Asset Register is maintained and controlled 2.1.4 The percentage of owned assets and equipment with evidence of ownership 2.1.5 The percentage of leased assets and equipment with evidence of lease agreement, where applicable. 2.1.6 Evidence as to which assets have been contracted out and / or are operationally engaged 2.1.7 That the company holds a valid VAT certificate 2.1.8 That the company can produce the last 3 years Tax Clearance Certificate. 2.2 Do you have a fraud and malpractice policy and how does the organisation ensure adherence? The Assessor should establish the following: 2.2.1 Does the organisation work with their suppliers to prevent bribery & corruption within its supply chain? 2.2.2 Does the organisation have a lenient view of bribery or receipt of gifts within their supply chain? 3. Organisational Capacity 3.1 The company must be able to demonstrate their organisational capacity relating to working in the Nigerian Oil & Gas industry. The Assessor should establish the following: © Copyright 2007, 2008 Achilles Information 30 th Page 4 of 14 March, 2008 NJQS CORE AUDIT MODULE 3.1.1 The company¶s work history in Nigeria 3.1.2 Technical partners and associates including Memorandum of Understanding (MOUs) 3.1.3 That the company can produce evidence of current contracts and those contracts completed in the last 3 years 3.1.4 Any commendations or awards the company has received for contracts undertaken 3.2 Evidence of current organisational charts identifying key managerial posts i.e. health, safety, quality, environmental, technical and their responsibilities Office & Site Locations 3.3 The Assessor should establish the following: 3.3.1 What type of facility does the organisation have, do they have an administrative office, branch office or operational base. 3.3.2 Assessor to describe the facilities and building type (also take photographs of offices to verify comments). 3.3.3 Photo of Organisation 4. Plant & Equipment 4.1 The company must be able to demonstrate the origin of all Plant & Equipment The Assessor should establish the following: 4.1.1 What percentage of plant and equipment (and integral components) has been manufactured within Nigeria 4.1.2 That plant & equipment is subject to periodic servicing, maintenance and calibration as required 4.1.3 That a scheduled maintenance plan is in place 4.1.4 That records of service / maintenance and calibration are retained 4.1.5 That all maintenance, servicing and calibration is undertaken by competent personnel and / or organisations 4.1.6 If the organisation uses cranes (Fixed or mobile), do they have processes in place to undertake checks on their stability/structure/service history? 4.1.7 Are checks completed by competent persons? 5. Software 5.1 The company must be able to demonstrate ownership status of relevant software packages used The Assessor should establish the following: 5.1.1 Total units of software owned (with records of ownership) 5.1.2 Percentage of software developed In-Country 5.1.3 Records of units of software shared, if any © Copyright 2007, 2008 Achilles Information 30 th Page 5 of 14 March, 2008 NJQS CORE AUDIT MODULE 6. Document Management 6.1 What are the organisations arrangements for the identification of all documents that require control, to ensure the effectiveness of its operations? The Assessor should establish the following: 6.1.1 The organisation has a Document Control Procedure that identifies the key documents requiring control. Such as: National & International Standards, relevant Legislation and Regulations Industry and Contract Specific Documentation Documents supporting the organisation¶s processes 6.2 The Document Control Procedure should identify: 6.2.1 How documents are reviewed and changes identified 6.2.2 How documents are issued and reach their point of use; in particular multi-sites 6.2.3 The process for cancelled and superseded documentation 6.2.4 Archiving 6.2.5 A master list of controlled documents and their status is Maintained 6.2.6 If the organisation is not subject to formal 3rd party certification, do they intend to achieve this registration in the future (record estimated timescale)? 6.2.7 Alternatively, if the company have a formal system in place that is effective and they do not intend to implement a third party system, this should be taken into account 7. Personnel 7.1 The company must be able to demonstrate the competency and numbers of personnel used The Assessor should establish the following: 7.1.1 The total number of employees 7.1.2 The ratio of professional to non professional employees 7.1.3 The number of permanent and contract personnel 7.1.4 The competencies held for personnel delivering the scope of Product and/or Service applicable to NJQS registration with records of certification available. 7.1.5 That the company maintains an organisation chart documenting the distribution and reporting lines of key personnel . 7.2 The company must be able to provide information on the expatriate personnel engaged (if applicable) The Assessor should establish the following: 7.2.1 The approved expatriate quota 7.2.2 The (actual) ratio of expatriates to Nigerian employees 7.2.3 That the competencies / skills of expatriate staff are currently unavailable In-Country OR that the skills / competencies from expatriate staff shows high degree of specialisation 7.2.4 That succession planning is in place, with a view to raising the skill set of Nigerian staff 7.2.5 That the expatriates have the required work permits and ply their trade legitimately © Copyright 2007, 2008 Achilles Information 30 th Page 6 of 14 March, 2008 NJQS CORE AUDIT MODULE 8. Nigerian Content 8.1 The company must be able to demonstrate the Nigerian Content of the company The Assessor should establish the following: 8.1.1 That company has a local content policy in place 8.1.2 That the company is aware of the NCD directives on local content 8.1.3 That the company is aware of NCD directives that impact their operations 8.1.4 How the company implements NCD directives and that the company has a proven process for implementation of local content policy 8.1.5 That a Nigeria Content Development (NCD) driver is in place 8.1.6 That the organisation sources goods and services locally (where applicable) 9. Health & Safety Management 9.1 The company must be able to demonstrate that appropriate Health & Safety controls are in place The Assessor should establish the following: 9.1.1 That the company has a documented Health & Safety Policy signed by the managing director 9.1.2 That the company has appointed a manager with responsibility for Health & Safety and that this responsibility is reflected on the appropriate organisation chart 9.1.3 That the responsibility for implementation of Health & Safety arrangements has been allocated to competent persons 9.1.4 That the company has formally documented their Health & Safety controls as part of their Management System 9.1.5 That documented Health & Safety procedures are subject to periodic audit with proof of documented audit schedule 9.1.6 That any corrective and preventative actions identified are managed effectively 9.1.7 Whether the company has achieved certification to an internationally recognised standard e.g. OHSAS 18001 or has documented plans in place to do so 9.1.8 That applicable risks have been identified and assessed by competent personnel 9.1.9 That risk assessments have been documented and are subject to periodic review 9.1.10 That control measures identified through the risk assessment procedure have been implemented e.g. PPE issue, First Aid provision, Eye Wash, Fire Extinguishers are provided and regularly serviced etc 9.1.11 That there are fire alarms, smoke detectors and other fire suppression systems in use 9.1.12 Does the organisation provide first aid to its workers 9.1.13 That PPE is provided FREE of charge 9.1.14 Records of receipt and issuance of PPE have been retained 9.1.15 That all staff and subcontractors have been briefed and trained on the identified safety issues and controls with records of briefing / training retained © Copyright 2007, 2008 Achilles Information 30 th Page 7 of 14 March, 2008 NJQS CORE AUDIT MODULE 9.1.16 That the company has a process to test and monitor the effectiveness of the identified control measures 9.1.17 That the company periodically reviews the safety performance of their suppliers and subcontractors prior to engagement 9.1.18 That the company has a documented Emergency Preparedness & Response Plan 9.1.19 That the Health & Safety system is subject to periodic Management Review and that the outcome is used for continual improvement 9.1.20 That the company promotes H&S collaborative measures with workers and client organisations (e.g. workshops, safety week etc) 9.1.21 That the organisation publicises the effectiveness of Safety management systems (annual reporting etc) 9.1.22 That the company follows all Health & Safety rules & guidance provided by contractual requirements (NipeX & IOC) 9.1.23 That the company provides awareness / guidance on H&S principles to all areas of the workforce 9.1.24 That the organisation ensures there is access to a competent party to provide sensible guidance on all H&S areas (This can be internal or a suitable 3 rd party) 9.1.25 This individual or 3 rd party must have relevant experience in the oil & gas industry 9.1.26 That the organisation identified any hazardous substances used that may fall within the scope of the risk identification 9.1.27 That the organisation holds Manufacturers Safety Data sheets for all substances used 10. Occupational Health 10.1 The Assessor should record which of the listed health impacts may potentially arise from the scope of their operations. 10.1.1 What measures have been introduced to attempt to combat potential health issues from these areas: -? Chemical - Dusts - Gases - Vapours - Liquids - Mists - Fumes Biological - Fungi - Moulds - Bacteria - Viruses Physical / Psychological Musculoskeletal Disorders Ill health due to vibrations Y/N Comment Y Y/N Comment Y/N Comment Y © Copyright 2007, 2008 Achilles Information 30 th Page 8 of 14 March, 2008 NJQS CORE AUDIT MODULE Ill Health Noise Heat Radiation Stress Violence Alcohol & Drugs Y 10.2 Does the company undertake any Health Surveillance? The Assessor to review: 10.2.1 What the company does with the information ± Where applicable. 10.2.2 Does the organisation have a medical retainership (or arrangements) with a hospital or clinic other 11. Environmental Management 11.1 The company must be able to demonstrate that appropriate Environmental controls are in place The Assessor should establish the following: 11.1.1 That the company has a documented Environment Policy signed by the managing director 11.1.2 That the company has appointed a manager with responsibility for Environmental Management and that this responsibility is reflected on the appropriate organisation chart. 11.1.3 That the company has formally documented their Environmental controls as part of their Management System. 11.1.4 That documented Environmental procedures are subject to periodic audit with a proof of documented audit schedule. 11.1.5 That any corrective and preventative actions identified are managed effectively 11.1.6 Whether the company has achieved certification to an internationally recognised standard e.g. ISO 14001 or has documented plans in place to do so 11.1.7 That all staff and subcontractors whose tasks may impact on the environment are trained and competent 11.1.8 That the company has formally assessed their environmental impacts and documented the appropriate control measures 11.1.9 That environmental risk control measures have been briefed to all staff / subcontractors as appropriate and that formal communication on environmental issues to concerned parties is in place 11.1.10 That relevant training on Environmental Impact Assessment and Control is provided to staff and subcontractors 11.1.11 That the responsibility for implementation of these arrangements has been allocated to competent persons 11.1.12 That the identified control measures are periodically tested and reviewed 11.1.13 That any environmental incidents have been reviewed and incorporated into the assessment process 11.1.14 That the Environmental Management System is subject to periodic Management Review e.g. Internal Audit findings 11.1.15 That there is periodic Environmental Impact Assessment (EIA) reporting, where applicable © Copyright 2007, 2008 Achilles Information 30 th Page 9 of 14 March, 2008 NJQS CORE AUDIT MODULE 12. Accident & Incident Reporting and Investigation 12.1 What are the organisation¶s arrangements for the investigating and reporting of all Accidents, Incidents and Near Misses? The Assessor should establish the following: 12.1.1 The investigation of the origin and underlying causes of work related injuries, ill health and incidents are undertaken. 12.1.2 Does the organisation maintain records of accidents and incidents (This includes safety & environmental incidents)? What do they do with the information? 12.1.3 The organisation has communicated the accident reporting process to its workforce and where applicable sub contractors 12.1.4 That the organisation has a documented process for undertaking local investigations. This should include: - That competent people are undertaking the investigation - All operatives are aware of the investigative process - A mechanism for feeding into the Clients formal enquiry process - That arrangements are in place to assist and provide records to regulatory bodies i.e. Police, Social Insurance institutions etc. 13. Security & Continuity Planning 13.1 The company must be able to demonstrate that a Security & Continuity Plan is in place The Assessor should establish the following: 13.1.1 The company has a documented Security & Continuity Policy 13.1.2 That measures are in place to ensure data protection 13.1.3 That measures are in place to ensure the safety of personnel, facilities and assets 13.1.4 That the Security & Continuity Plan is subject to periodic assessment and review 14. Quality Management Systems 14.1 The company must be able to demonstrate that appropriate Quality Management controls are in place The Assessor should establish the following: 14.1.1 That the company has a documented Quality Policy signed by the managing director 14.1.2 That the company has appointed a manager with responsibility for Quality Management and that this responsibility is reflected on the appropriate organisation chart 14.1.3 That the company has formally documented their Quality Management controls, procedures and processes, as part of their Management System 14.1.4 That documented Quality procedures are subject to periodic audit with proof documented audit schedule 14.1.5 That any corrective and preventative actions identified are managed effectively © Copyright 2007, 2008 Achilles Information 30 th Page 10 of 14 March, 2008 NJQS CORE AUDIT MODULE 14.1.6 Whether the company has achieved certification to an internationally recognised standard e.g. ISO 9001 or has documented plans in place to do so 14.1.7 That the Quality management System is subject to periodic Management Review (with relevant records) 14.1.8 That staff and subcontractors have been briefed on the Quality management controls *Assessor Note: The most recent 3 rd party surveillance report should be reviewed to establish that no significant shortfalls were identified that could import unnecessary risk to NipeX. 14.2 Does the company have documented processes for the control and production of the following? 14.2.1 14.2.2 14.2.3 14.2.4 14.2.5 14.2.6 Quality Assurance & Control procedures Inspection Plans Inspection Checklists Test Checklists Operative qualifications If the organisation provides goods in large volumes, do they do sample checks? * The Assessor should record which of the above are applicable to the company¶s scope of work and the control mechanisms used to ensure these processes are discharged in a controlled manner. 14.3 Does the company have a controlled, formal Handover Process for completed works or goods delivery process? The Assessor should establish the following: 14.3.1 The type of handover process in place 14.3.2 If the process is documented, how is this controlled? 15. Social & Ethical Controls (Corporate Social Responsibility) 15.1 The company must be able to demonstrate their Corporate Social Responsibility controls The Assessor should establish the following: 15.1.1 That the company has reviewed and assessed any labour suppliers used 15.1.2 That wages paid are fair and appropriate 15.1.3 That working hours are assessed and controlled 15.1.4 That the company does not use child labour 15.1.5 That the company has a community relations policy 15.1.6 That adequate and suitable welfare facilities are provided for all workers e.g. Toilets, drinking water 15.2 Are all workers including those on a temporary or seasonal contract issued with a contract containing details of their employment? The Assessor should establish the following: 15.2.1 Sample personnel files and validate that workers are issued with a contract, detailing information about their employment ter ms including temporary or seasonal workers. © Copyright 2007, 2008 Achilles Information 30 th Page 11 of 14 March, 2008 NJQS CORE AUDIT MODULE 15.3 Does the company have a contributory pension scheme? The Assessor should: 15.3.1 Establish whether the company has a pension scheme complaint with government legislations ± A1 15.3.2 Establish the nominated pension manager(s) 15.3.3 Obtain evidence of remittances 15.3.4 Establish that the company maintains a life insurance policy in favour of the employee ± A1 16. Insurance 16.1 How does the organisation ensure that it has adequate insurance? 16.2 The Assessor should establish at the time of the audit that the organisation has current certificates of insurance in place for the service the organisation provides The Assessor should establish the following: 16.2.1 Employers Liability Minimum cover $X,000,000 16.2.2 Public Liability Minimum cover $X,000,000 16.2.3 Product Liability Minimum cover $X,000,000 16.2.4 Professional Indemnity Minimum cover $X,000,000 16.2.5 Theft, Fire or Peril Minimum cover $X,000,000 16.2.6 That the scope identified within the companies i nsurance portfolio is sufficient for the work they undertake. 16.2.7 That there are no µexcess¶ or µrestrictions¶ that limit the company¶s indemnity In all cases the Assessor should record the following information Name of the insurance company Policy Numbers Amount of cover for each type of insurance held Expiry date The scope of work insured against (A copy of all relevant certificates and associated paperwork should be taken and included in the main report): 17. Subcontractor & Supplier Management 17.1 Has the organisation identified a person who has authority for subcontractors and /or suppliers used to provide their scope of services? The Assessor should establish the following: 17.1.1 Who the person is and do they work for the company 17.2 How does the organisation ensure effective management of their suppliers and subcontractors? The Assessor should establish the following: 17.2.1 That the company has reviewed and assessed any suppliers used © Copyright 2007, 2008 Achilles Information 30 th Page 12 of 14 March, 2008 NJQS CORE AUDIT MODULE 17.2.2 That the companies being used are permitted by the client 17.2.3 Does the company maintain an approved register for suppliers & subcontractors? 17.2.4 Does the organisation have a process for the recording and monitoring of any corrective actions raised at subcontractor audits? 18. Competency & Training 18.1 What are the organisations policy and arrangements for the training of workers? The Assessor should establish the following: 18.1.1 That training records are held 18.1.2 That there is a training plan 18.1.3 That the training process covers at least: o Company structure o Roles and responsibilities o Training and competency requirements o Relevant Legislative and Regulatory requirements o Site-specific requirements o Subcontract personnel 18.2 Has the organisation identified all activities, systems and components of their activities requiring Competency Management Control? The Assessor should establish the following: 18.2.1 Evidence of a defined list identifying all competencies contained within the company¶s Competency Management System 18.2.2 How the organisation ensures they use only competent sub-contractors and do they have a process in place for their workforce? 18.3 Are the services of the organisation covered by licences or other government requirements? The Assessor should establish the following: 18.3.1 The type of licence needed and who issues it 18.3.2 How often it is subject to review 18.3.3 That the company¶s have a means of identifying certification expiry/retraining event dates and also where necessary competencies audit events due dates. 18.3.4 The organisation have a process in place that allows them to verify the validity of certificate held 18.4 How does the organisation ensure that arrangements are in place for the training of personnel? The Assessor should establish the following: 18.4.1 That the company has reviewed and assessed any labour suppliers used 18.4.2 The frequency of training 18.4.3 Training is provided free 18.4.4 Sample personnel records © Copyright 2007, 2008 Achilles Information 30 th Page 13 of 14 March, 2008 NJQS CORE AUDIT MODULE 18.5 How does the organisation ensure that competency and training records are maintained and are available for verification? The Assessor should establish that as a minimum, the organisation is ab le to demonstrate the following: 18.5.1 Dates for re-audit/expiry dates of certificates issued to workforce 18.5.2 Certificates of competence for each person signed by the person defined in the competence management system (Where applicable) 18.5.3 The standards of competence selected are appropriate for the work role of the candidate (This can be verified by assessing job description and training record or training matrices). 18.6 How does the organisation ensure that the competency management system is effective and being adhered to? The Assessor should establish that the organisation is carrying out sufficient checks to verify that: 18.6.1 Identified activities are being assessed 18.6.2 Audit practice is being monitored 18.6.3 That competent Assessors (Internal & External) retain technical expertise 18.6.4 Any remedial action is recorded and carried out 18.6.5 Changes are implemented 18.6.6 That verification checks are subject to audit 18.6.7 The organisation have measures in place to counter fraud in relation to the issue of competency cards © Copyright 2007, 2008 Achilles Information 30 th Page 14 of 14 March, 2008