Process Safety Progress, Vol.35, No.3, 295-299, 2016
PSM Auditing: Thinking Beyond Compliance
The process safety management (PSM) rule requires a "compliance audit" at least every 3 years. This description implies that the purpose of the audit is to ensure that legal requirements are met. Thoughtful companies recognize that meeting the minimum legal requirements may not be sufficient, and also audit for conformance with their internal company standards and procedures. However, in audit programs designed to check compliance with either legal or legal+internal requirements, there is an implicit assumption that conformance will result in an acceptable process safety performance. In other words, if all of the "inputs" are right (i.e., there is compliance with the standards and procedures), then process safety is being managed effectively-and the desired "outputs" will follow. This assumption may not be valid! In reality, managing process safety requires the meshing or connecting of several related work processes or activities in order to effectively deliver the desired results. Checking each activity for compliance with standards does not necessarily ensure that the sum of the connected activities is delivering what was intended. Take, for example, the identification and control of major risk scenarios. The PSM intention is that risk scenarios are identified in either the initial Process Hazard Analysis (PHA) or subsequent revalidation, sufficient controls are provided to meet the corporate risk criteria, the controls are maintained throughout the operating life, the operating, technical, and management teams are trained in and understand the scenarios and the scenarios are well documented in the operating procedures. Compliance auditing typically checks that all of the individual activities are "compliant" (PHA conducted on time and actions closed, trip system testing completed per schedule, training records complete, operating procedures updated on time, etc.). Such an approach does not typically track that the content is carried consistently through the collection of processes, and that the knowledge and controls for the identified scenarios are in place and robust. This article proposes an audit approach which checks both that the organization is compliant with the prescribed activities and procedures, and that the activities and procedures are effectively delivering the intended results. The main focus is on applying this approach to the aspects of PSM that address specific risk scenarios and their associated controls. (C) 2015 American Institute of Chemical Engineers