Njqs Core Audit Module_rev1.6c (1)

NJQS Core Audit Module

Version: 1.06

NipeX Joint Qualification System (NJQS)

NNPC NipeX Office, 30 Oyinkan Abayomi Drive, Ikoyi, Lagos, Nigeria

Tel: +234 (0)1 271 7592; +234 (0)1 463 0523-6;

Website: www.nipexng.com or www.nipex.com.ng

Email: [email protected] or [email protected]

mailto:[email protected]

mailto:[email protected]

http://www.nipex.com.ng/

http://www.nipexng.com/

NJQS CORE AUDIT MODULE

CONTENTS

Assessment Requirements Page Number

Preface 3

Issue Record 3

1. Company Registration 4

2. Financial Information 4

3. Organisational Capacity 4

4. Plant & Equipment 5

5. Software 5

6. Document Management 6

7. Personnel 6

8. Nigerian Content 7

9. Health & Safety Management 7

10.Occupational Health 8

11.Environmental Management 9

12.Accident & Incident Reporting and Investigation 10

13.Security & Continuity Planning 10

14.Quality Management 10

15.Corporate Social Responsibility 11

16.Insurance 12

17.Subcontractor & Supplier Management 12

18.Competency & Training 13

© Copyright 2007, 2008 Achilles Information Page 2 of 14

30th March, 2008


Preface

This document contains the “Core” assessment protocol by which NipeX will measure the Nigerian Upstream Oil & Gas supply chain. The principle constituents of this process are the verification and assessment of the quality and applicability of their supply chains management systems.

Issue Record

This protocol will be subject to change and updating as a result in the following areas:

Changes in applicable statutory instruments Recommendations from enforcement authorities or industry

bodies focusing on either prevention of accidents or new best practice

Changes in the NipeX contractual conditions

The document will be made available on the NJQS portal. An appropriate notification will be placed on the portal advising of any changes made to the document.

Version History

No. Date Author / Editor

Comments

1.01 02 Feb 2007 W. Nelson1.02 04 July 2007 M. Ford1.03 30 Aug 2007 W. Nelson1.04 12 Nov 2007 J. Agbeyei Reviewed by M.Ford, W. Nelson & NJQS Team1.05 04 Dec 2007 O. Orife Reviewed by NJQS Assessment Team1.06 30 Mar 2008 O. Orife Sub clauses added. Section 1 redesigned.


30th March, 2008


ASSESSMENT REQUIREMENTS

1. Company Registration

1.1 The company must be registered to do business in Nigeria and with all other relevant authorities.

The Assessor should establish that the organisation being assessed holds all relevant approvals for the scope of work undertaken through examination of pertinent certificates of authorisation including:

1.1.1 Department of Petroleum Resources - DPR permit1.1.2 Corporate Affairs Commission (CAC) - Certificate of Incorporation,1.1.3 Form CAC2.5 (or C.O.2) - statement of share capital and return of

allotment of shares1.1.4 Form CAC2.3 (or C.O.7) - particulars of directors1.1.5 That the company has filed annual returns with Corporate Affairs

Commission (CAC10)1.1.6 Nigeria Communication Commission (NCC), where applicable1.1.7 Federal Environmental Protection Agency (FEPA), where applicable

2. Financial Information

2.1 The company must be able to demonstrate their financial capabilities and capacities.

The Assessor should establish the following:2.1.1 That the company can demonstrate their average annual turnover2.1.2 That the last 3 years accounts have been audited and approved2.1.3 That an Asset Register is maintained and controlled2.1.4 The percentage of owned assets and equipment with evidence of

ownership2.1.5 The percentage of leased assets and equipment with evidence of lease

agreement, where applicable.2.1.6 Evidence as to which assets have been contracted out and / or are

operationally engaged2.1.7 That the company holds a valid VAT certificate2.1.8 That the company can produce the last 3 years Tax Clearance

Certificate.

2.2 Do you have a fraud and malpractice policy and how does the organisation ensure adherence?

The Assessor should establish the following:2.2.1 Does the organisation work with their suppliers to prevent bribery &

corruption within its supply chain?2.2.2 Does the organisation have a lenient view of bribery or receipt of gifts

within their supply chain?

3. Organisational Capacity

3.1 The company must be able to demonstrate their organisational capacity relating to working in the Nigerian Oil & Gas industry.

The Assessor should establish the following:3.1.1 The company’s work history in Nigeria


30th March, 2008


3.1.2 Technical partners and associates including Memorandum of Understanding (MOUs)

3.1.3 That the company can produce evidence of current contracts and those contracts completed in the last 3 years

3.1.4 Any commendations or awards the company has received for contracts undertaken

3.2 Evidence of current organisational charts identifying key managerial posts i.e. health, safety, quality, environmental, technical and their responsibilities

3.3 Office & Site LocationsThe Assessor should establish the following:

3.3.1 What type of facility does the organisation have, do they have an administrative office, branch office or operational base.

3.3.2 Assessor to describe the facilities and building type (also take photographs of offices to verify comments).

3.3.3 Photo of Organisation

4. Plant & Equipment

4.1 The company must be able to demonstrate the origin of all Plant & Equipment

The Assessor should establish the following:4.1.1 What percentage of plant and equipment (and integral components) has

been manufactured within Nigeria4.1.2 That plant & equipment is subject to periodic servicing, maintenance and

calibration as required4.1.3 That a scheduled maintenance plan is in place4.1.4 That records of service / maintenance and calibration are retained4.1.5 That all maintenance, servicing and calibration is undertaken by

competent personnel and / or organisations4.1.6 If the organisation uses cranes (Fixed or mobile), do they have processes

in place to undertake checks on their stability/structure/service history?4.1.7 Are checks completed by competent persons?

5. Software

5.1 The company must be able to demonstrate ownership status of relevant software packages used

The Assessor should establish the following:5.1.1 Total units of software owned (with records of ownership)5.1.2 Percentage of software developed In-Country5.1.3 Records of units of software shared, if any

6. Document Management

6.1 What are the organisations arrangements for the identification of all documents that require control, to ensure the effectiveness of its operations?

The Assessor should establish the following:


30th March, 2008


6.1.1 The organisation has a Document Control Procedure that identifies the key documents requiring control. Such as: National & International Standards, relevant Legislation and

Regulations Industry and Contract Specific Documentation Documents supporting the organisation’s processes

6.2 The Document Control Procedure should identify:6.2.1 How documents are reviewed and changes identified6.2.2 How documents are issued and reach their point of use; in particular

multi-sites6.2.3 The process for cancelled and superseded documentation6.2.4 Archiving6.2.5 A master list of controlled documents and their status is Maintained6.2.6 If the organisation is not subject to formal 3rd party certification, do they

intend to achieve this registration in the future (record estimated timescale)?

6.2.7 Alternatively, if the company have a formal system in place that is effective and they do not intend to implement a third party system, this should be taken into account

7. Personnel

7.1 The company must be able to demonstrate the competency and numbers of personnel used

The Assessor should establish the following:7.1.1 The total number of employees7.1.2 The ratio of professional to non professional employees7.1.3 The number of permanent and contract personnel7.1.4 The competencies held for personnel delivering the scope of Product

and/or Service applicable to NJQS registration with records of certification available.

7.1.5 That the company maintains an organisation chart documenting the distribution and reporting lines of key personnel.

7.2 The company must be able to provide information on the expatriate personnel engaged (if applicable)

The Assessor should establish the following:7.2.1 The approved expatriate quota7.2.2 The (actual) ratio of expatriates to Nigerian employees7.2.3 That the competencies / skills of expatriate staff are currently

unavailable In-Country OR that the skills / competencies from expatriate staff shows high degree of specialisation

7.2.4 That succession planning is in place, with a view to raising the skill set of Nigerian staff

7.2.5 That the expatriates have the required work permits and ply their trade legitimately

8. Nigerian Content

8.1 The company must be able to demonstrate the Nigerian Content of the company

The Assessor should establish the following:8.1.1 That company has a local content policy in place


30th March, 2008


8.1.2 That the company is aware of the NCD directives on local content8.1.3 That the company is aware of NCD directives that impact their

operations8.1.4 How the company implements NCD directives and that the company has

a proven process for implementation of local content policy8.1.5 That a Nigeria Content Development (NCD) driver is in place8.1.6 That the organisation sources goods and services locally (where

applicable)

9. Health & Safety Management

9.1 The company must be able to demonstrate that appropriate Health & Safety controls are in place

The Assessor should establish the following:9.1.1 That the company has a documented Health & Safety Policy signed

by the managing director9.1.2 That the company has appointed a manager with responsibility for

Health & Safety and that this responsibility is reflected on the appropriate organisation chart

9.1.3 That the responsibility for implementation of Health & Safety arrangements has been allocated to competent persons

9.1.4 That the company has formally documented their Health & Safety controls as part of their Management System

9.1.5 That documented Health & Safety procedures are subject to periodic audit with proof of documented audit schedule

9.1.6 That any corrective and preventative actions identified are managed effectively

9.1.7 Whether the company has achieved certification to an internationally recognised standard e.g. OHSAS 18001 or has documented plans in place to do so

9.1.8 That applicable risks have been identified and assessed by competent personnel

9.1.9 That risk assessments have been documented and are subject to periodic review

9.1.10 That control measures identified through the risk assessment procedure have been implemented e.g. PPE issue, First Aid provision, Eye Wash, Fire Extinguishers are provided and regularly serviced etc

9.1.11 That there are fire alarms, smoke detectors and other fire suppression systems in use

9.1.12 Does the organisation provide first aid to its workers9.1.13 That PPE is provided FREE of charge9.1.14 Records of receipt and issuance of PPE have been retained9.1.15 That all staff and subcontractors have been briefed and trained on the

identified safety issues and controls with records of briefing / training retained

9.1.16 That the company has a process to test and monitor the effectiveness of the identified control measures

9.1.17 That the company periodically reviews the safety performance of their suppliers and subcontractors prior to engagement

9.1.18 That the company has a documented Emergency Preparedness & Response Plan

9.1.19 That the Health & Safety system is subject to periodic Management Review and that the outcome is used for continual improvement

9.1.20 That the company promotes H&S collaborative measures with workers and client organisations (e.g. workshops, safety week etc)


30th March, 2008


9.1.21 That the organisation publicises the effectiveness of Safety management systems (annual reporting etc)

9.1.22 That the company follows all Health & Safety rules & guidance provided by contractual requirements (NipeX & IOC)

9.1.23 That the company provides awareness / guidance on H&S principles to all areas of the workforce

9.1.24 That the organisation ensures there is access to a competent party to provide sensible guidance on all H&S areas (This can be internal or a suitable 3rd party)

9.1.25 This individual or 3rd party must have relevant experience in the oil & gas industry

9.1.26 That the organisation identified any hazardous substances used that may fall within the scope of the risk identification

9.1.27 That the organisation holds Manufacturers Safety Data sheets for all substances used

10. Occupational Health

10.1 The Assessor should record which of the listed health impacts may potentially arise from the scope of their operations.

10.1.1 What measures have been introduced to attempt to combat potential health issues from these areas: -?

Chemical Y/N Comment- Dusts- Gases- Vapours- Liquids Y- Mists- Fumes

Biological Y/N Comment- Fungi- Moulds- Bacteria- Viruses

Physical / Psychological

Y/N Comment

Musculoskeletal DisordersIll health due to vibrations

Y

Ill HealthNoiseHeatRadiationStress YViolenceAlcohol & Drugs

10.2 Does the company undertake any Health Surveillance?The Assessor to review:

10.2.1 What the company does with the information – Where applicable.


30th March, 2008


10.2.2 Does the organisation have a medical retainership (or other arrangements) with a hospital or clinic

11. Environmental Management

11.1 The company must be able to demonstrate that appropriate Environmental controls are in place

The Assessor should establish the following:11.1.1 That the company has a documented Environment Policy signed by

the managing director11.1.2 That the company has appointed a manager with responsibility for

Environmental Management and that this responsibility is reflected on the appropriate organisation chart.

11.1.3 That the company has formally documented their Environmental controls as part of their Management System.

11.1.4 That documented Environmental procedures are subject to periodic audit with a proof of documented audit schedule.


11.1.6 Whether the company has achieved certification to an internationally recognised standard e.g. ISO 14001 or has documented plans in place to do so

11.1.7 That all staff and subcontractors whose tasks may impact on the environment are trained and competent

11.1.8 That the company has formally assessed their environmental impacts and documented the appropriate control measures

11.1.9 That environmental risk control measures have been briefed to all staff / subcontractors as appropriate and that formal communication on environmental issues to concerned parties is in place

11.1.10 That relevant training on Environmental Impact Assessment and Control is provided to staff and subcontractors

11.1.11 That the responsibility for implementation of these arrangements has been allocated to competent persons

11.1.12 That the identified control measures are periodically tested and reviewed

11.1.13 That any environmental incidents have been reviewed and incorporated into the assessment process

11.1.14 That the Environmental Management System is subject to periodic Management Review e.g. Internal Audit findings

11.1.15 That there is periodic Environmental Impact Assessment (EIA) reporting, where applicable

12. Accident & Incident Reporting and Investigation

12.1 What are the organisation’s arrangements for the investigating and reporting of all Accidents, Incidents and Near Misses?

The Assessor should establish the following:12.1.1 The investigation of the origin and underlying causes of work related

injuries, ill health and incidents are undertaken.12.1.2 Does the organisation maintain records of accidents and incidents (This

includes safety & environmental incidents)? What do they do with the information?

12.1.3 The organisation has communicated the accident reporting process to its workforce and where applicable sub contractors


30th March, 2008


12.1.4 That the organisation has a documented process for undertaking local investigations. This should include:

- That competent people are undertaking the investigation- All operatives are aware of the investigative process- A mechanism for feeding into the Clients formal enquiry process- That arrangements are in place to assist and provide records to

regulatory bodies i.e. Police, Social Insurance institutions etc.

13. Security & Continuity Planning

13.1 The company must be able to demonstrate that a Security & Continuity Plan is in place

The Assessor should establish the following:13.1.1 The company has a documented Security & Continuity Policy13.1.2 That measures are in place to ensure data protection13.1.3 That measures are in place to ensure the safety of personnel, facilities

and assets13.1.4 That the Security & Continuity Plan is subject to periodic assessment and

review

14. Quality Management Systems

14.1 The company must be able to demonstrate that appropriate Quality Management controls are in place

The Assessor should establish the following:14.1.1 That the company has a documented Quality Policy signed by the

managing director14.1.2 That the company has appointed a manager with responsibility for

Quality Management and that this responsibility is reflected on the appropriate organisation chart

14.1.3 That the company has formally documented their Quality Management - controls, procedures and processes, as part of their Management System

14.1.4 That documented Quality procedures are subject to periodic audit with proof documented audit schedule


14.1.6 Whether the company has achieved certification to an internationally recognised standard e.g. ISO 9001 or has documented plans in place to do so

14.1.7 That the Quality management System is subject to periodic Management Review (with relevant records)

14.1.8 That staff and subcontractors have been briefed on the Quality management controls

*Assessor Note: The most recent 3rd party surveillance report should be reviewed to establish that no significant shortfalls were identified that could import unnecessary risk to NipeX.

14.2 Does the company have documented processes for the control and production of the following?

14.2.1 Quality Assurance & Control procedures14.2.2 Inspection Plans14.2.3 Inspection Checklists14.2.4 Test Checklists


30th March, 2008


14.2.5 Operative qualifications14.2.6 If the organisation provides goods in large volumes, do they do sample

checks?

* The Assessor should record which of the above are applicable to the company’s scope of work and the control mechanisms used to ensure these processes are discharged in a controlled manner.

14.3 Does the company have a controlled, formal Handover Process for completed works or goods delivery process?

The Assessor should establish the following:14.3.1 The type of handover process in place14.3.2 If the process is documented, how is this controlled?

15. Social & Ethical Controls (Corporate Social Responsibility)

15.1 The company must be able to demonstrate their Corporate Social Responsibility controls

The Assessor should establish the following:15.1.1 That the company has reviewed and assessed any labour suppliers used15.1.2 That wages paid are fair and appropriate15.1.3 That working hours are assessed and controlled15.1.4 That the company does not use child labour15.1.5 That the company has a community relations policy15.1.6 That adequate and suitable welfare facilities are provided for all workers

e.g. Toilets, drinking water

15.2 Are all workers including those on a temporary or seasonal contract issued with a contract containing details of their employment?

The Assessor should establish the following:15.2.1 Sample personnel files and validate that workers are issued with a

contract, detailing information about their employment terms including temporary or seasonal workers.

15.3 Does the company have a contributory pension scheme?The Assessor should:

15.3.1 Establish whether the company has a pension scheme complaint with government legislations – A1

15.3.2 Establish the nominated pension manager(s)15.3.3 Obtain evidence of remittances15.3.4 Establish that the company maintains a life insurance policy in favour

of the employee – A1

16. Insurance

16.1 How does the organisation ensure that it has adequate insurance?

16.2 The Assessor should establish at the time of the audit that the organisation has current certificates of insurance in place for the service the organisation provides

The Assessor should establish the following:


30th March, 2008


16.2.1 Employers Liability Minimum cover $X,000,00016.2.2 Public Liability Minimum cover $X,000,00016.2.3 Product Liability Minimum cover $X,000,00016.2.4 Professional Indemnity Minimum cover $X,000,00016.2.5 Theft, Fire or Peril Minimum cover $X,000,00016.2.6 That the scope identified within the companies insurance portfolio is

sufficient for the work they undertake.16.2.7 That there are no ‘excess’ or ‘restrictions’ that limit the company’s

indemnity

In all cases the Assessor should record the following information Name of the insurance company Policy Numbers Amount of cover for each type of insurance held Expiry date The scope of work insured against

(A copy of all relevant certificates and associated paperwork should be taken and included in the main report):

17. Subcontractor & Supplier Management

17.1 Has the organisation identified a person who has authority for subcontractors and /or suppliers used to provide their scope of services?

The Assessor should establish the following:17.1.1 Who the person is and do they work for the company

17.2 How does the organisation ensure effective management of their suppliers and subcontractors?

The Assessor should establish the following:17.2.1 That the company has reviewed and assessed any suppliers used17.2.2 That the companies being used are permitted by the client17.2.3 Does the company maintain an approved register for suppliers &

subcontractors?17.2.4 Does the organisation have a process for the recording and monitoring

of any corrective actions raised at subcontractor audits?

18. Competency & Training

18.1 What are the organisations policy and arrangements for the training of workers?

The Assessor should establish the following:18.1.1 That training records are held18.1.2 That there is a training plan18.1.3 That the training process covers at least:

o Company structureo Roles and responsibilitieso Training and competency requirementso Relevant Legislative and Regulatory requirementso Site-specific requirementso Subcontract personnel


30th March, 2008


18.2 Has the organisation identified all activities, systems and components of their activities requiring Competency Management Control?

The Assessor should establish the following:18.2.1 Evidence of a defined list identifying all competencies contained within

the company’s Competency Management System18.2.2 How the organisation ensures they use only competent sub-contractors

and do they have a process in place for their workforce?

18.3 Are the services of the organisation covered by licences or other government requirements?

The Assessor should establish the following:18.3.1 The type of licence needed and who issues it18.3.2 How often it is subject to review18.3.3 That the company’s have a means of identifying certification expiry/re-

training event dates and also where necessary competencies audit events due dates.

18.3.4 The organisation have a process in place that allows them to verify the validity of certificate held

18.4 How does the organisation ensure that arrangements are in place for the training of personnel?

The Assessor should establish the following:18.4.1 That the company has reviewed and assessed any labour suppliers used18.4.2 The frequency of training18.4.3 Training is provided free 18.4.4 Sample personnel records

18.5 How does the organisation ensure that competency and training records are maintained and are available for verification?

The Assessor should establish that as a minimum, the organisation is able to demonstrate the following:

18.5.1 Dates for re-audit/expiry dates of certificates issued to workforce18.5.2 Certificates of competence for each person signed by the person defined

in the competence management system (Where applicable)18.5.3 The standards of competence selected are appropriate for the work role

of the candidate (This can be verified by assessing job description and training record or training matrices).

18.6 How does the organisation ensure that the competency management system is effective and being adhered to?

The Assessor should establish that the organisation is carrying out sufficient checks to verify that:

18.6.1 Identified activities are being assessed18.6.2 Audit practice is being monitored18.6.3 That competent Assessors (Internal & External) retain technical

expertise18.6.4 Any remedial action is recorded and carried out18.6.5 Changes are implemented18.6.6 That verification checks are subject to audit18.6.7 The organisation have measures in place to counter fraud in relation to

the issue of competency cards


30th March, 2008



30th March, 2008