1. 1 3 rd Party Certification Process Overview Presented to: Houston STEPS Representing COS: Dr. Jeff Ostmeyer, CPEA EHS Advisor – Center for Offshore Safety Anadarko Petroleum Corporation June 19, 2012

2. 2 COS Mission Statement Our Mission... Promote the highest level of safety for offshore drilling, completions, & operations by effective leadership, communication, teamwork, utilization of disciplined safety management systems & independent third-party auditing & certification. Our Objectives… Enhancing and continuously improving industry's safety and environmental performance, Ensuring public confidence and trust in the oil and gas industry, Increasing public awareness of industry's safety and environmental performance, Stimulating cooperation within industry to share good practices and learn from each other, and Providing a platform for collaboration between industry, the government, and other stakeholders. 06/15/12

3. 3 COS Operating Basis The Center for Offshore Safety will be responsible for: Providing expert assistance to member companies, Assuring that third party certification program auditors meet the program’s goals, and that the program is complementary with government regulations, Compiling and analyzing key industry metrics, Coordinating Center sponsored functions designed to facilitate the sharing and learning process, Identifying and promoting opportunities for industry to continuously improve, Interfacing with Industry leaders to assure leadership and system deficiencies are recognized and addressed promptly, and Communicating with government and external stakeholders. 06/15/12

4. 4 One-stop central source for: -Information & knowledge -Audit accreditation -Program certification -Tools and technical assistance Promote an industry culture of incident-free operations -Process safety in addition to personal safety -Emphasis on behavior -No harm to people, no harm to environment Elevate the industry’s quality and safety standards -Create and share good practices -Continuous improvement COS Vision and Path Forward 06/15/12

5. 5 Key Objectives - COS 3 rd Party Certification COS accredited 3rd party audits satisfy BSEE’s requirements for audits. COS’s auditing process provides members with a higher level of confidence on managing risk and identifying specific opportunities for improving performance on their facilities. Member specific data is treated private and confidential. The auditing process results in learnings and good practices being shared with the COS which then shares with industry leading to improved industry performance. COS incurs no liability as a result of the audit process. Government regulators embrace COS accredited 3rd party audits as an effective means of complying with the regulations and improving industry performance. -DRAFT - Work in Progress 06/15/12

6. 6 Current SEMS Requirements COS Member Auditor(s)* Govt Regulators Retains auditing services Informs Audits * May be either internal or external -DRAFT - Work in Progress 06/15/12

7. 7 COS Member Auditor(s)* Govt Regulators Retains auditing services Informs Audits * Must be external -DRAFT - Work in Progress SEMS II (As Proposed) Informs Approves qualifications 06/15/12

8. 8 COS Planned Approach COS ASPs* COS Member Auditor(s) Govt Regulators Accredits Manages and provides oversight Retains auditing services Informs Audits Provides perspective * Audit Service Providers Start Informs Issues SEMS certificates -DRAFT - Work in Progress 02/16/12

9. 9 COS Member (Operator, Drilling Company, Service Company, and/or Supplier) 1.Determines need for SEMS audit to comply with government regulations and/or COS requirements, 2.Retains services of a COS accredited Audit Service Provider (ASP) to perform SEMS audits, 3.Takes responsibility for notifying government regulatory agencies as required by regulations, 4.Agrees to share SEMS audit data with the COS, via a standardized format, for purposes of determining industry trends, and 5.Takes responsibility for notifying government regulatory agencies of SEMS audit results. Basic Requirements Center for Offshore Safety (COS) 1.Establishes standards for 3rd party Audit Service Providers (ASPs), auditors, and SEMS audit protocol and certifications, 2.Works with COS members to understand industry audit requirements to assure sufficient numbers of COS accredited 3rd party auditors for COS members, 3.Accredits ASPs; periodically validates ASPs' and Auditors' performance, and effectiveness of COS audit protocol, 4.Compiles industry data and shares w/industry via COS reports and sponsored forums, and 5.Agrees to maintains confidentiality of COS Member specific data. -DRAFT - Work in Progress 06/15/12

10. 10 Auditor 1.Maintains qualifications and competency consistent with expectations of ASP expectations and requirements, COS standards, and government regulations, 2.Performs SEMS audit services solely in behalf of ASP; utilizes COS auditing protocols and standardized reports, 3.Complies with all government regulations and COS member safety requirements, 4.Agrees to maintain confidentiality of audit findings, and 5.Agrees to allow ASP and/or COS to periodically assess auditor qualifications, competency, and performance.. Audit Service Provider (ASP) 1.Retains the service of professional (e.g., qualified, competent, and certified) auditors and subject mater experts to provide SEMS auditing services for COS members, 2.Provides oversight to SEMS auditors to assure compliance with COS standards and SEMS auditing protocol, 3.Performs audit services in behalf of COS member; works with COS member to determine both scope, duration, and logistics of SEMS audit; agrees to maintain confidentiality of audit findings, 4.Issues SEMS certificate(s) at closeout of audit, and agrees to provide COS with standard report at closeout of audit, 5.Agrees to allow COS to periodically assess ASP and auditor performance. Basic Requirements -DRAFT - Work in Progress 06/15/12

11. 11 COS Suggested Strategic Approach to Managing Risk Through 3 rd Party Audits and Certification -DRAFT - Work in Progress Key Considerations 1) All offshore facilities do not represent the same inherent risk: -Deepwater Risk > OCS Risk -Drilling Risk > Operating Risk -New Operations Risk > Mature Operations Risk 2) The level of audit should match the level of risk: -Lower and moderate relative risk warrant 2 levels of audit control -Higher relative risk warrant 3 levels of audit control 3)Staging of audits should reflect risk; higher relative risk first 4)If resources are potentially limited then a process should be in place to assure those resources are focused on higher relative risk first 06/15/12 -DRAFT - Work in Progress

12. 12 COS Suggested Strategic Approach to Managing Risk Through 3 rd Party Audits and Certification -DRAFT - Work in Progress Training Requirements for Auditors (COS – 2 – 01) Audit Team Requirements (COS – 2 – 02) Audit Service Provider Oversight (COS – 2 – 03) Accreditation Organization Oversight (COS) (COS – 2 – 04) Increasing Levels of Control 1 st Layer of Control 2nd Layer of Control 3rd Layer of Control + Deepwater (+1000 ft) 06/15/12 -DRAFT - Work in Progress

13. 13 COS Suggested Strategic Approach to Managing Risk Through 3 rd Party Audits and Certification -DRAFT - Work in Progress 06/15/12 Training Requirements for Auditors (COS – 2 – 01) Audit Team Requirements (COS – 2 – 02) Audit Service Provider Oversight (COS – 2 – 03) Accreditation Organization Oversight (COS) (COS – 2 – 04) Increasing Risk Increasing Levels of Control 1 st Layer of Control 2nd Layer of Control 3rd Layer of Control + Lower Relative Risk (i.e., Mature Facilities on OCS) Moderate Relative Risk (i.e., Drilling on OCS) Higher Relative Risk (i.e., Deepwater Drilling and Operations) OCS Deepwater (+1000 ft) + + Requirements Addressed within Current SEMS Proposal -DRAFT - Work in Progress

14. 14 Lead Auditor COS Link to Competency Assurance COS Audit Service Provider Auditor(s) Accredits and periodically audits processes and joint competencies -DRAFT - Work in Progress May periodically evaluate individual competency May periodically evaluate individual competency Certified Training Provider Accredits and periodically audits training program 06/15/12

15. 15 COS/ASP/COS Member Company Relationships -DRAFT - Work in Progress COS Member Company Audit Service Provider (ASP) COS Membership Agreement -Ready for endorsement by COS Board -References COS publications Contract between ASP and COS Member Company -Suggested language for contract referenced in contract between COS and ASP Contract between ASP and COS -Under development by API -Stipulates using COS language in contract between ASP and COS Member Company -References COS publications Certification Process Audit protocol ASP qualifications Auditor qualifications Standard audit report 06/15/12

16. 16 COS Member/Contractor/ASP Relationships COS Accredited ASP COS Member Contractor* COS Accredited ASP Recognizes COS certificates Issued by other COS accredited ASPs and avoids duplication of auditing Resolves potential SEMS conflicts via bridging document Retains auditing services Issues SEMS certificates Issues SEMS certificates Retains auditing services * Generic term for drilling company, service/supply company, construction company -DRAFT - Work in Progress 06/15/12

17. 17 COS Certification – How it Works -DRAFT - Work in Progress Step 1 – Establishing Audit Service Providers -An ASP (as an independent entity with no ties to the COS) implements a business model for creating and managing an audit team to provide 3 rd party auditing services to industry. Audit team must be qualified and trained consistent with COS publications. -An ASP approaches COS/API for COS accreditation. -The ASP pays for the accreditation process and agrees to periodic oversight by COS. -The COS/API accredits Audit Service Provider(s (ASPs) and adds the ASP to the COS published list of accredited ASPs. 05/23/12

18. 18 COS Certification – How it Works -DRAFT - Work in Progress Step 2 – Linking Audit Service Providers with COS Members -A COS Member establishes a need for a 3 rd party audit and utilizes the COS website to identify/validate potential audit service providers (ASP). -The COS Member selects an ASP and enters into a business agreement with the ASP to provide a 3 rd party audit; the COS Member and ASP business contract includes language endorsed by the COS. -The ASP and COS Member agree to an “audit plan” consistent with COS protocols and publications. -The ASP provides the COS a courtesy notice such that the COS, at COS’ discretion, may provide oversight consistent with the accreditation process. 06/15/12

19. 19 COS Certification – How it Works -DRAFT - Work in Progress Step 3 – Performing the Audit and Closeout -The ASP performs a SEMS audit consistent with COS protocol. -The ASP, through the use of COS standard report, provides the COS Member Company a report that identifies SEMS gaps, and identifies which gaps must be closed out to “certify”. -The COS Member creates a gap(s) closure plan for review with the ASP. The ASP and COS Member agree to timing for gap(s) closure and which gaps closures must be validated by ASP. -The ASP also creates a recommendation on “good practices” that the COS Member may consider sharing with the COS. 06/15/12

20. 20 COS Certification – How it Works -DRAFT - Work in Progress Step 4 – Issuing Certificates -Upon closeout of audit gaps, the ASP issues the standard COS report to the COS, and -The ASP issues a dated COS Certificate. Step 5 – COS Member Company Follow-Up -The COS Member Company, at their own discretion, shares “better practices” with the COS (or allows the ASP to do so in their behalf). -The COS Member Company, consistent with COS Membership Agreement, maintains their SEMS program, and seeks out recertification within 3yr period. 06/15/12

21. 21 Assuring Team Competency Do individual team members meet requirements established in Section x.x (see slide # 22 for summary) Does Team Lead meet requirements established in Section x.x (see slide # 24 for summary) Does whole audit team meet requirements established in Section x.x (see slide #26 for summary) Audit may proceed Select different individuals and revalidate competency against Section x.x Select different Team Lead and revalidate competency against Section x.x Add additional and/or select different team members and revalidate competency against Section x.x Yes No Start -DRAFT - Work in Progress 06/15/12

22. 22 Audit Team Member Competency COS-1-03 Audit Team members shall meet the following minimum qualification requirements: -Two (2) yrs. offshore oil and gas (or related industry) experience, -Evaluated by either the Audit Service Provider (ASP) through the ASPs documented process or by a recognized auditor Certification Body (i.e., BEAC) -Completed a 24 hour training program that meets the applicable requirements outlined in COS-1-04, and includes three (3) hours of examination and/or skills evaluation. Technical competency of the audit team may be supplemented by use of Technical Experts with the following qualifications: -Bachelor’s degree or equivalent work experience, -Five (5) years experience in oil and gas (or related industry), and -Five (5) years experience specifically in the area of their expertise. If a Technical Expert is designated as an audit team member, then that Technical Expert must meet the expected requirements for audit team members. -DRAFT - Work in Progress 06/15/12

23. 23 Auditor(s) -DRAFT - Work in Progress Audit Service Provider Checks certification, training, and qualification as SEMS auditor Quality Assurance for Auditor Designation Certified Training Provider Provides COS endorsed SEMS auditor training and evaluation Note: An Audit Service Provider may also be a certified training provider. 06/15/12

24. 24 Audit Team Lead Competency -Been certified by an auditor Certification Body (i.e., BEAC, RAB-QSA, IRCA, etc.) as a management system auditor, -Participated in at least three (3) audits in the past three years, -Participated full time in at least one (1) audit as either a lead auditor or a lead-auditor-in-training, -A minimum five (5) yrs. offshore oil and gas (or related) experience within the last 8 years, -Completed an additional eight (8) hrs. lead auditor training class that includes one (1) hour on professional ethics, and one (1) hour of examination and/or skills evaluation. In addition to meeting the qualifications outlined for an audit team member, lead auditors will have: -DRAFT - Work in Progress 06/15/12

25. 25 Lead Auditor -DRAFT - Work in Progress Audit Service Provider Checks certification, training, and qualification as management system lead auditor Quality Assurance for Lead Auditor Designation Certified Training Provider * BEAC, RAB-QSA, IRCA, etc. Auditor Certification Bodies* Issues certification as management system auditor Provides COS endorsed SEMS lead auditor training and evaluation Note: An Audit Service Provider may also be a certified training provider. 06/15/12

26. 26 Audit Team Collective Competency Audit teams must have a joint competency that reflects: -Five (5) yrs. experience in development and implementation of HSE management systems, -Five (5) yrs. experience with MOC, HRAs, offshore procedures, process safety, and mechanical integrity, -Two (2) yrs. experience with interpretation and application of 30 CFR Part 250/RP 75, -Specific knowledge and understanding of COS RP75 SEMS audit protocols, and -Specific knowledge and experience related to operation of the facility. Collective competency may be achieved by either a single individual or the combined competency of multiple individuals. For full scale SEMS program certification, audit teams must have as a minimum of one (1) Audit Team Leader that meets the audit team lead qualifications plus two (2) additional auditors that meet the audit team member qualifications. Validation of individual facility compliance with a company’s SEMS program will be performed as agreed to between the ASP and the company. -DRAFT - Work in Progress 06/15/12

27. 27 Additional Key Points 1.The ASP is responsible for selecting, qualifying, and appointing audit team members and, if necessary, technical experts to assure audit team competence leads to a high quality audit. 2.The audit team, as a whole, must either have the required collective competency to assess the technical challenges of the facility being audited, or must supplement the audit team with qualified technical experts. 3.Specific roles and responsibilities of the audit team members must be documented and cross checked. 4.ASPs must have a documented process in place for periodically evaluating the performance of both audit team leaders and audit team members. 5.ASP’s are responsible for assuring audit team leaders are maintaining competency. 6.In addition to the training outlined in COS-1-01, each member of the audit team must have safety related training (i.e., HUET, TWIC, etc.) required by the offshore facilities being visited. 7.The COS reserves the right to periodically, at COS’s discretion, audit ASP processes and auditor(s) competency. -DRAFT - Work in Progress 06/15/12

28. 28 Lead Auditor* Audit Service Provider Auditor(s) -DRAFT - Work in Progress Periodically evaluates ASP Competency Evaluator Assigns Evaluates real time Provides oversight and leadership Periodically evaluates ASPs Link to Competency Assurance * Lead Auditors must also have a certification as a management system auditor issued by an internationally recognized auditor certification body (ACB) such as BEAC, RAB-QSA, IRCA, etc. 06/15/12

29. 29 Lead Auditor* Training Providers Link to Competency Assurance -DRAFT - Work in Progress Certified Training Provider ASP Competency Evaluator Trains, evaluates, and issues certification as COS SEMS lead auditor * Lead Auditors must also have a certification as a management system auditor issued by an internationally recognized auditor certification body (ACB) such as BEAC, RAB- QSA, IRCA, etc. Trains, evaluates, and issues certification as COS SEMS lead auditor Auditor(s) Trains, evaluates, and issues certification as COS SEMS auditor 06/15/12

30. 30 SEMS Audit Reporting Timeline -DRAFT - Work in Progress SEMS audit Initiated by COS Member COS Member contracts with ASP to perform SEMS audit COS provided a courtesy notification Audit Starts Auditing Complete – Formal audit close-out meeting between ASP and COS Member Draft Audit report provided to COS member by ASP ASP Audit Plan to COS Member As Agreed to by member and ASP 6 Months Maximum 3 years 30 Days Minimum 30 Days COS Member decides that audit will meet BSEE requirements COS Member provides audit plan to BSEE ASP issues COS Standard Audit Report to COS Member Report identifies NCs (does not include corrective action plans) BSEE Audit Complete COS Member completes report with corrective action plans to address NC’s identified in the COS Standard Audit Report issued by ASP Corrective action plans include timing and responsible parties If audit to fulfill BSEE requirement – ASP to submit the COS Standard Audit report to BSEE, and COS member to provide COS Standard Audit Report to BSEE with corrective action plans included ASP accepts and verifies corrective actions; all NCs must be closed out for ASP to certify ASP provides completed COS Standard Audit Report with corrective action plans to COS Good practices shared with COS, if approved by COS member ASP issues a dated COS SEMS Certificate Audit Closed COS Member Company maintains their SEMS program COS Member Company starts next COS certification audit within 3 year period COS Member implements corrective action plan As Agreed to by member and ASP COS member consults with ASP on a verification process. 06/15/12

31. 31 06/15/12 COS Standard SEMS Report -DRAFT - Work in Progress

32. 32 COS Standard SEMS Audit Report Stakeholders - Needs To ensure the needs of all stakeholders are met, we need to identify the stakeholders and understand their needs. A single report that meets all common stakeholder needs will benefit everyone. 06/15/12 -DRAFT - Work in Progress

33. 33 COS Standard SEMS Audit Report Stakeholders 1.Operator / Auditee 2.BSEE 3.COS 4.Industry (General Sense) 5.Industry (Senior Executives) 6.Public & NGO 06/15/12 -DRAFT - Work in Progress

34. 34 COS Standard SEMS Audit Report Stakeholders – Needs - Operator/Auditee 1.Provide a standard report format with enough detail to identify appropriate corrective action a.Adequacy of system vs failure to execute 2.Meet reporting needs to satisfy BSEE compliance requirements (directly transferable) a.Timely b.Minimize delays 3.Meet reporting needs to COS (directly transferable) a.Must add value 4.Avoid Failure a.Objectivity rather than Subjectivity b.Unacceptable delays in meeting regulatory timing requirements c.Provide enough detail to take action, without getting into excessive non-value added information 06/15/12 -DRAFT - Work in Progress

35. 35 COS Standard SEMS Audit Report Stakeholders – Needs - Industry (General Sense) Indirectly from COS 1.Timely access to data 2.General understanding a.What’s working (complying) b.What’s not working (noncomplying) c.Potential effective practices 06/15/12 -DRAFT - Work in Progress

36. 36 COS Standard SEMS Audit Report Stakeholders – Needs - Industry (Senior Executives) Indirectly from COS 1.Level of confidence on actual progress 2.Understanding of industry exposure 3.Limit individual company liability 4.Potential effective practices 06/15/12 -DRAFT - Work in Progress

37. 37 Standard COS SEMS Audit Report Includes: - all consistent needs Excludes: - non-consistent needs Report Who, What, When, Where, and How List of Non-Conformances Comfort level audit was thorough Operator/AuditeeCOSIndustry General Sense Industry Senior Executives BSEE Public & NGO 06/15/12 -DRAFT - Work in Progress

38. 38 COS Audit Report Report Who, What, When, Where, and How List of Non-Conformances Comfort level audit was thorough Operator/Auditee - Implement corrective actions - Identify Good Practices for Sharing with COS - Application of learnings from COS COS - Gather and share Good Practices - Analyze facts from audits - Prioritize facts - Suggest focus areas - Share learnings as appropriate Industry General Sense - Good Practices - Learning Industry Senior Executives - Good Practices - Learning BSEE Public & NGO Utilization of report findings 06/15/12 -DRAFT - Work in Progress

39. 39 Audit Report Cover Pages –Who, What, When, Where, and How Results –Section for each of the 13 SEMS Elements –Nonconformances SEMS Element SEMS Audit Question Regulatory Requirement Nonconformance Objective Statement of Nonconformance Corrective Action Plan Responsible Person and Title Due Date Date Closed 11Text from ProtocolObjective statement 12Text from ProtocolObjective statement 13Text from ProtocolObjective statement 14Text from ProtocolObjective statement 06/15/12 -DRAFT - Work in Progress

40. 40 SEMS Elements Analysis – Raw Data - % Conformance by Element % Compliance Element 06/15/12 -DRAFT - Work in Progress

41. 41 SEMS Elements Analysis – Raw Data - % Conformance by Question in Element Element 7 % Compliance Question 06/15/12 -DRAFT - Work in Progress

42. 42 SEMS Elements Analysis – Ranked Data Element Rank by # of NC# of NC # of Identified Good Practices 3Highest2 120 83 …… 4Lowest6 06/15/12 -DRAFT - Work in Progress

43. 43 SEMS ESEMS Evaluation & actionlements - Results Analysis – Ranked by Company Compliance (blind) % Compliance Company 06/15/12 -DRAFT - Work in Progress

44. 44 SEMS Evaluation & action Develop and implement blind voluntary system for COS Members to share effective practices, by SEMS Element, with other COS Members –Members with an effective SEMS element can provide effective practices Members can view effective practices provided by other members May have a COS review panel to evaluate provided effective practices –COS review panel could include ASP –COS review panel may include BSEE? COS develops list of Subject Matter Experts (SME) by SEMS Element –Members contact COS SME for assistance 06/15/12 -DRAFT - Work in Progress

45. 45 SEMS Elements - Results Analysis – Ranked by Question Compliance within Element % Compliance Question 06/15/12 -DRAFT - Work in Progress

46. 46 SEMS Elements - Results Analysis – Ranked by questions with lowest Compliance % Compliance Question 06/15/12 -DRAFT - Work in Progress

47. 47 SEMS Evaluation & action Critical review of findings and corrective actions for questions with greatest incidence of noncompliance. –Risk rank questions Focus on higher risk issues first –Identify commonalities and trends »Perform broad root cause analyses as appropriate »Identify and seek good practices »Identify potential corrective actions »Share learnings 06/15/12 -DRAFT - Work in Progress

48. 48 Questions? 06/15/12 Measuring Success -DRAFT - Work in Progress

49. 49 Questions? 06/15/12