Plains Midstream Canada ULC - Facility Integrity Management CV2526-018

Plains Midstream Canada ULC - Facility Integrity Management CV2526-018 [PDF 1392 KB]

Executive Summary

The Canada Energy Regulator (CER) expects pipelines and associated facilities within the Government of Canada’s jurisdiction to be constructed, operated, and abandoned in a safe and secure manner that protects people, property, and the environment. To this end, the CER conducts a variety of compliance oversight activities, such as audits.

Section 103 of the Canadian Energy Regulator Act (S.C. 2019, c. 28, s. 10) (CER Act) authorizes inspection officers to conduct audits of regulated companies. The purpose of these audits is to assess compliance with the CER Act and its associated Regulations.

The purpose of operational audits is to ensure that regulated companies have established and implemented both a management system and its associated programs, as specified in the Canadian Energy Regulator Onshore Pipeline Regulations (SOR/99-294) (OPR).

The CER conducted a Facility Integrity Management (Facility IM) operational audit of Plains Midstream Canada ULC (PMC or the company) between 4 September 2025 and 13 January 2026.

The objective of the Facility IM audit is to assess whether the company’s Integrity Management Program (IMP) as applied to facilities is adequate to avoid and control events which could potentially cause harm to people, property, or the environment. The company’s IMP as applied to facilities was assessed in accordance with selected requirements of the OPR in the areas of:

  • Hazard identification, risk assessment, and control;
  • Inspection and monitoring;
  • Hazard and incident reporting and taking corrective and preventive actions;
  • Integration with the company’s management system; and
  • Management of change.

All six regulatory requirements that were evaluated were deemed to be non-compliant.

Within 30 calendar days of receiving the Final Audit Report, the company shall file with the CER a Corrective and Preventive Action (CAPA) Plan that outlines how the non-compliant findings will be resolved. The CER will monitor and assess the implementation of this CAPA Plan to confirm that it is completed in a timely manner.

Note that all findings are specific to the information assessed at the time of the audit as related to the audit scope.

Although non-compliant findings remain, the company demonstrated outcomes for elements of the Facility IM Program that are functioning as intended. However, these demonstrated outcomes do not establish overall regulatory compliance. The company must address the identified deficiencies to meet requirements for protecting people, property, and the environment.

The Final Audit Report will be made public on the CER website.

Top of Page

Table of Contents

Top of Page

List of Tables and Figures

1.0 Background

1.1 Introduction

The CER expects pipelines and associated facilities within the Government of Canada’s jurisdiction to be constructed, operated, and abandoned in a safe and secure manner that protects people, property, and the environment.

Section 103 of the CER Act authorizes inspection officers to conduct audits of regulated companies. The purpose of these audits is to assess compliance with the CER Act and its associated Regulations.

The purpose of operational audits is to ensure that regulated companies have established and implemented both a management system and its associated programs, as specified in the OPR.

The CER conducted a Facility IM operational audit of PMC between 4 September 2025 and 13 January 2026.

1.2 Description of Audit Topic

The OPR requires that companies have an IMP for its pipelines and associated facilities. The objective of Facility IM is to provide operating companies with a formalized mechanism to maintain the integrity of the managed assets that demonstrates a commitment to protect the health and safety of employees, the public, and the environment. Integrity management for a facility aims to ensure safe operation by preventing failures that could result in the release of product.

Facility IM encompasses a wide range of equipment like pumps, prime movers, tanks, pressure vessels, piping systems, electrical components, and instrumentation within the boundaries of the facility. Risk assessment is a crucial aspect of integrity management and for a facility, one must consider complex interactions between different equipment and the various components within that equipment and potential cascading failures.

The CER’s expectations for this audit are explained in Appendix 1.0.

1.3 Company Overview

Plains Midstream Canada ULC is an indirect subsidiary of Plains All American (PAA) Pipeline, L.P. PMC specializes in the transportation, storage, processing, and marketing solutions for crude oil, natural gas, and natural gas liquids (NGL) and links petroleum producers with refiners and other customers via pipeline, truck, and rail transportation. PMC also operates facilities for crude oil and NGL storage, separation of NGL from natural gas, and fractionation of NGL into specification products. PMC is headquartered in Calgary, Alberta, with operations across four Canadian provinces and business activities spanning eight provinces. Its pipeline network includes both provincially regulated and federally regulated assets.

The CER currently regulates approximately 704 kilometres of PMC pipelines, as well as their storage facilities in Windsor, Ontario.

PMC pipelines regulated by the CER include:

  • Plains Petroleum Transmission Company system;
  • Wascana;
  • Empress Kerrobert;
  • Bodo;
  • AuroraFootnote 1;
  • Eastern Delivery System North and South;
  • Windsor to Sarnia;
  • Kalkaska; and
  • Sarnia Downstream.

In 2023, PMC was undergoing a convergence project, where its management system, and the management system of the parent company (PAA) were being merged. This is discussed in more detail in the Damage Prevention Audit Report CV2223-228. This project is now closed and the management systems are converged. The company is currently in the process of divesting its NGL assets, although the associated timelines have not yet been finalized. As a result, the practical phase of the CER audit focused on an inspection of the company’s liquid operations at the Regina Terminal.

Figures 1 and 2 depict the company’s CER-regulated assets.

Map of the Auditee's Infrastructure in Western Canada Figure 1. Map of the Auditee’s Infrastructure in Western Canada Map of the Auditee’s Infrastructure in Ontario Figure 2. Map of the Auditee’s Infrastructure in Ontario

2.0 Objective and Scope

The objective of the Facility IM audit is to assess whether the company’s IMP, as applied to facilities, is adequate to avoid and control events which could potentially cause harm to people, property, or the environment. The company’s IMP, as applied to facilities, was assessed in accordance with selected requirements of the OPR in the areas of:

  • Hazard identification, risk assessment and control;
  • Inspection and monitoring;
  • Hazard and incident reporting and taking corrective and preventive actions;
  • Integration with the company’s management system; and
  • Management of change.

The table below outlines the audit topic, the lifecycle phases, and programs selected for this audit.

The scope of the audit includes the IMP in use at the time of the audit as well as the processes, procedures, and work instructions that the company uses to enable it to implement integrity management at all of its facilities throughout all lifecycles in accordance with the requirements of the OPR.

Note that, while the focus will be on the requirements and items listed in Table 2, if the audit identifies potential non-compliances to other requirements, the scope may be expanded as necessary.

Table 1. Audit Scope

Table 1. Audit Scope

Audit Scope

Details

Audit Topic

Facility Integrity Management

Lifecycle Phases

 x 
Construction

 x 
Operations

 x 
Abandonment

Section 55 Programs

    
Emergency Management

 x 
Integrity Management

    
Safety Management

    
Security Management

    
Environmental Protection

    
Damage Prevention

Time Frame

Open

3.0 Methodology

An audit notification letter was sent to the company on 4 September 2025 advising the company of the CER’s plans to conduct an operational audit. The lead auditor provided the audit protocol and initial information request to the company on 8 September 2025 and followed with a meeting with company staff on the same day to discuss the plans and schedule for the audit. Document review began on 17 October 2025 and interviews were conducted between 17 November 2025 and 25 November 2025. An inspection was conducted on 3 December 2025.

The auditors assessed compliance through:

  • document reviews;
  • record sampling;
  • interviews; and
  • one inspection.

The purpose of the document review is to identify the suite of documents that are intended to meet the requirements related to the audit protocols. This review assesses whether the process is established. Records are also sampled to assess whether the process is implemented. Records are outputs, or products of a process. The presence of properly completed records suggests that the process is being used. The auditors reviewed approximately 130 documents and records, accounting for approximately 1,600 pages.

Interviews are conducted to determine the extent to which the processes have been implemented. If the responses are consistent with what is written, the auditors assume that the staff are aware of the process, and that it is being followed. The first set of interviews was conducted primarily with management and senior staff to discuss each of the audit protocols. The second set of interviews was organized based on positions, which ranged from office staff to field staff, where the auditors asked questions relating to all the audit protocols at each interview. The auditors conducted approximately 10 interviews.

The list of documents reviewed, records sampled, and the list of interviewees are retained on file with the CER.

The audit also included an inspection of the Plains Regina Terminal, conducted jointly by two members of the CER’s Pipeline Integrity Team and the two CER auditors. The inspection took place on 3 December 2025, during which the CER examined various components of the facility, as they related to the audit scope. The inspection involved a review of relevant records and additional interviews with facility staff. Comprehensive findings from the facility inspection are documented in the Inspection Officer’s Report for Compliance Verification Activity CV2526-099.

In accordance with the established CER audit process, the lead auditor shared a pre-closeout summary of the audit results on 19 December 2025. At that time, the company was given five business days to provide any additional documents or records to help resolve the identified gaps in information or compliance. Subsequent to the pre-closeout meeting, the company provided additional information to assist the lead auditor in making their final assessment of compliance. The lead auditor conducted a final closeout meeting with the company on 13 January 2026.

4.0 Summary of Findings

The lead auditor has assigned a finding to each audit protocol. A finding can be either:

  • No Issues Identified – No non-compliances were identified during the audit, based on the information provided by the company and reviewed by the auditor within the context of the audit scope; or
  • Non-compliant – The company has not demonstrated that it has met the legal requirements. A CAPA Plan shall be developed and implemented to resolve the deficiency.

All findings are specific to the information assessed at the time of the audit, as related to the audit scope.

The table below summarizes the findings. See Appendix 1: Audit Assessment for more information.

Table 2. Summary of Findings

Audit Protocol (AP) Number Regulation Regulatory Reference Topic Finding Status Finding Summary

AP-01

OPR

6.5(1)(c)

Management of Change

Non-compliant

The company has not developed a Management of Change (MOC) process that addresses the expected outcomes for document-controlled procedure changes. Existing documents do not meet the definition of a process as defined by the CER and are not linked to the MOC process. Outdated integrity documentation linked to the overall convergence administrative MOC further indicates gaps in procedural change control.

AP-02

OPR

6.5(1)(d)

Hazard Inventory

Non-compliant

Gaps exist in the company’s hazard identification and analysis processes at the facility level. Multiple overlapping Operations Management System (OMS) processes exist with weak alignment or integration, resulting in inconsistent and incomplete identification of integrity hazards across asset types. The company lacks a documented, CER-compliant method for facility level hazard analysis, and facility hazards are not fully captured or linked within the corporate hazard register. These inconsistencies - combined with differing hazard definitions and unclear integration with the OMS framework - undermine the organization’s ability to perform comprehensive, consistent, and comparable hazard identification and consequent risk assessments.

AP-03

OPR

6.5(1)(e)

Risk Assessment

Non-compliant

Multiple gaps were identified in the company’s risk assessment framework, including the existence of overlapping OMS-level processes with unclear precedence, the absence of a documented and consistently applied facility-level risk assessment process, and the lack of a comprehensive assessment covering all applicable integrity hazards. The company has not demonstrated that likelihood and consequence evaluations have been completed across all asset types, and records such as the Regina Terminal Hazard and Operability (HAZOP) and Hazard Register provide only partial or high-level assessments. Additionally, the risk-based methodology used under the maintenance, reliability and inspection program is not formally approved or traceable, and limited cross-referencing among risk-related documents fosters weak integration. Finally, the linkage between contingency and emergency planning with risk evaluation is not explicit, reducing alignment with OPR requirements.

AP-04

OPR

6.5(1)(l)

Controls

Non-compliant

The company’s control management practices lack the specificity, communication, and contextual consideration required for an effective and compliant risk control framework. Controls are documented at an overly broad program level, making them difficult to operationalize and preventing clear linkage between specific hazards and the control measures designed to mitigate them. No evidence was provided to demonstrate that controls are adjusted to reflect differences in asset types, operating conditions, or failure modes. Additionally, several integrity management documents are outdated or misaligned with regulatory requirements of the CER and CSA standards, further undermining the adequacy and reliability of the company’s control framework.

AP-05

OPR

6.5(1)(m)

Hazard & Incident Reporting and Response

Non-compliant

Gaps exist between the company’s documented incident and hazard management processes and their actual implementation. Misalignment between written procedures and the reporting software creates inconsistencies that risk incomplete or inaccurate incident tracking. Guidance for managing imminent hazards is limited, lacking clarity on immediate control actions and communication expectations. The internal reporting process does not align with hazard and potential hazard definitions used elsewhere in the organization or in applicable standards, increasing the likelihood of incorrect or inconsistent reporting.

AP-06

OPR

6.5(1)(o)

Inspection and Monitoring

Non-compliant

The OMS framework lacks clear documented requirements for conducting facility inspections or using results to evaluate program adequacy and effectiveness. Inspection practices for the below-ground station piping are particularly deficient, with no formal plans, procedures, or triggers. Additionally, assurance methods are inconsistently applied due to non-mandatory sub-element plans. Furthermore, key inspection procedures, including those for below-ground piping and routine monthly inspections, are undocumented, limiting the organization’s ability to demonstrate systematic oversight of its facility management in alignment with the expectations of the CER.

5.0 Discussion

While integrity management for a pipeline and a facility both aim to ensure safe operation by preventing failures, the key differences between the two lie in the specific components and risks assessed. Pipeline integrity management encompasses threats specific to pipelines, whereas facilities integrity management encompasses threats specific to facilities, which may not be entirely the same, as facilities have a wider range of equipment like pumps, prime movers, tanks, pressure vessels, piping systems, electrical components, and instrumentation within the boundaries of the facility, with corresponding wider potential failure modes. Risk assessment is a crucial aspect of integrity management and for a facility, one must consider complex interactions between different equipment and the various components within that equipment and potential cascading failures.

PMC’s Operations Management System consists of five elements designed to provide the framework for managing its operations, measuring performance and continually improving its activities to achieve its objectives and manage risk. The OMS applies to all activities of PMC’s employees and contractors associated with each sub-element's specified requirements. Integrity management is governed by OMS Sub-Element Asset Integrity and relies on support from multiple other disciplines including Sub-Element Operations and Maintenance. Because PMC’s integrity programs are focused by asset type, the management of facility integrity is governed through processes defined for the:

  • company’s Canadian pipeline integrity management systems;
  • management of pressure equipment and piping;
  • management of electrical, instrumentation, control systems, and other facility equipment;
  • management of caverns and wells; and
  • maintenance of tank integrity.

Although PMC currently manages the integrity of its facilities with the last four programs mentioned above, PMC indicated that a consolidated Facility IM Program is currently under development to more clearly demonstrate alignment with CSA Group (CSA) Z662 – Annex N2. However, the audit assessment was based on the programs currently in place against the audit protocols listed in Table 2.

Overall, the audit revealed recurring themes that point to systemic weaknesses in PMC’s implementation of its Facility IM processes. While the company has developed an extensive suite of corporate and operational documents, the practical application of these processes at the facility level was inconsistent, fragmented, and in several cases not aligned with the expectations of the CER. A notable trend across multiple audit protocols was the presence of overlapping or contradictory processes, particularly within hazard identification and risk assessment, which created uncertainty among company staff and the CER audit team regarding which requirements applied in specific situations. This issue was amplified by several instances of conflicting or inaccurate information provided to the CER audit team, such as the submission of an incorrect or outdated hazard register , inconsistent explanations about whether the pressure equipment program applies to crude facilities, and contradictory statements on whether risk based inspection or methodologies such as Failure Modes and Effects Analysis (FMEA) were used in practice.

These inconsistencies highlight broader issues with version control, documentation governance, and company staff awareness of integrity processes. During interviews, several disconnects were evident between what management described as an established practice and what field staff understood or implemented. For example, while the integrity supervisory personnel indicated that field staff performed hazard and risk assessments on site, the field staff themselves did not demonstrate awareness of these expectations. Similarly, key facility level integrity hazards, especially for tanks, pressure vessels, and aging below ground piping—were not consistently captured, analyzed, or integrated into a comprehensive program that reflects the complexity of facility operations.

The audit team also observed misalignment between documented processes and the tools used to implement them. For instance, procedures referenced functionality or workflows that did not match how the internal software platforms were configured or used in practice. This disconnect increases the risk of incomplete reporting, missed corrective actions, and gaps in hazard and incident management. In several areas, critical integrity documentation was outdated or not reflective of CER and CSA requirements, further affecting the adequacy and traceability of controls, inspection practices, and technical decision-making.

These trends suggest that while PMC has developed many of the foundational elements of a Facility IM Program, the integration, consistency, and operationalization of those elements remain insufficient.

6.0 Conclusion

In summary, the CER conducted an operational audit of PMC related to its Facility IM. All six regulatory requirements that were evaluated were deemed to be non-compliant, resulting in an audit score of zero percent.

PMC is expected to resolve any deficiencies through the implementation of a CAPA Plan. The CER will monitor and assess the implementation of this CAPA Plan and issue an audit closeout letter upon its completion.

Top of Page

7.0 Next Steps

The company is required to resolve all non-compliant findings through the implementation of a CAPA Plan. The next steps of the audit process are as follows:

  • Within 30 calendar days of receiving the Final Audit Report, the company shall file with the CER, a CAPA Plan that outlines how the non-compliant findings will be resolved.
  • The CER will monitor and assess the implementation of the CAPA Plan to confirm that it is completed:
    • on a timely basis; and
    • in a safe and secure manner that protects people, property, and the environment.
  • Once implementation is completed, the CER will issue an audit closeout letter.
Top of Page

Appendix 1: Audit Assessment

AP-01 - Management of Change
AP-01 - Management of Change

Finding Status

Non-compliant

Regulation

OPR

Regulatory Reference

6.5(1)(i)

Regulatory Requirement

A company shall, as part of its management system and the programs referred to in section 55,
(i) establish and implement a process for identifying and managing any change that could affect safety, security or the protection of the environment, including any new hazard or risk, any change in a design, specification, standard or procedure and any change in the company’s organizational structure or the legal requirements applicable to the company.

Expected Outcome

It is expected that the company can demonstrate that:

  • The company has a compliant process for identifying and managing change;
  • Methods are defined to identify and manage change;
  • Changes include any change that could affect safety, security or the protection of the environment, including any new hazard or risk, any change in a design, specification, standard or procedure and any change in the company’s ownership or organizational structure or the legal requirements applicable to the company; and
  • Impacts to the company management system and Facility IM are identified and assessed.

Relevant Information Provided by the Company

The following key documents and records are related to this finding:

  • Management of Change Process
  • Management of Change Procedure
  • Organizational Change Management Process
  • Organizational Change Management Procedure
  • Management of Change Record
  • Management of Change Forms
  • Management of Change System User Guide
  • Management of Change Quick Reference Guides

The following interviews are related to this finding:

  • Interview 1.1 - Company update – ongoing change
  • Interview 4.1 - AP-01 paragraph 6.5(1)(i) of the OPR Management of change
  • Field Inspection Interview with Area Supervisor, Field Inspector - Health, Safety, and Environmental (HSE) Advisor, and Director HSE Compliance

Finding Summary

The company has not developed a MOC process that addresses all the expected outcomes for document-controlled procedure changes. Existing MOC procedure related documents do not meet the definition of a process as defined by the CER and are not linked to the MOC process. Outdated integrity documentation linked to the overall convergence administrative MOC further indicates gaps in procedural change control.

Detailed Assessment

The company has not satisfied all the expected outcomes listed in the audit protocol for AP‑01. This section will first discuss the documented process, and then it will discuss the deficiencies.

The company has established a formal management of change process, supported by the Maximo MOC module and a suite of training and reference materials. These documents collectively define the lifecycle of change management, including:

  • Identification and classification of change types (technical, administrative, procedural, and organizational).
  • Roles and responsibilities for each stage of the process.
  • Requirements for hazard and risk assessments.
  • Integration with the integrity management program and other OMS elements.

The MOC process document outlines the scope and purpose of the MOC program, including its application to changes in design, operations, regulatory requirements, and technology. It also includes detailed examples of what constitutes a change versus a replacement‑in‑kind and provides decision trees to guide classification.

The Management of Change Procedure provides step‑by‑step instructions for executing MOCs in Maximo, including initiation, scope development, review, approval, implementation, and closeout. It also addresses emergency and temporary changes, with specific timelines and documentation requirements.

The Maximo MOC Quick Reference Guides operationalize the process, showing how roles interact with the system, how actions are assigned and tracked, and how workflows are routed for approval.

Training materials such as MOC 101 and Maximo guides are available to support staff understanding and execution of the process.

At the facility integrity program level, the documented programs related to pressure equipment and tanks identify the MOC process as the supporting process to identify and manage changes, indicating a connection to the OMS management of change framework.

The company has demonstrated implementation of the MOC process through:

  • Completed MOC forms;
  • Maximo records indicating workflow routing, reviewer comments, and authorization;
  • Evidence of Pre-Startup Safety Reviews (PSSR) and post-start actions; and
  • Training records and reference guides distributed to staff.

Interview feedback and documentation suggest that staff are familiar with the MOC process and its application to technical and administrative changes. The process appears to be used consistently for facility-related changes, including equipment modifications, hazard reviews, and regulatory updates.

Thus, the company has established and implemented a process for identifying and managing change, which defines the methods to be used. Impacts to the management system and Facility IM program have been identified and assessed.

However, the MOC process is deficient in that it does not adequately address changes to document-controlled procedures, as these changes are managed through The Source and not in Maximo.

The following deficiencies were identified:

  • The MOC process document provides some information about procedural MOC but does not describe the process steps for managing procedural changes — only the steps for technical and administrative changes processed through Maximo are documented. PMC provided training guides used to manage procedural changes; however, these documents are task-level work instructions with screenshots on how to use The Source. The guides do not have evidence of approval by the appropriate management authority, are uncontrolled, and lack defined governance. Therefore, they do not meet the definition of a process as defined by the CER. Linkage with the MOC process document was also not evident. Although the organization’s Governing Document Management Standard acknowledges procedural MOCs and assigns tracking responsibilities and roles, it does not reference or include a detailed procedural MOC workflow for The Source. As written, it does not meet management system expectations for controlling procedural changes.
  • The outdated integrity documentation (e.g., maintenance, reliability and inspection program, and integrity data management process) despite being considered in the overall MOC for the convergence project, indicates that the current tracking of procedural changes may not ensure completion in a timely manner and in accordance with PMC’s MOC Process requirements.
Detailed Assessment

The company has not satisfied all the expected outcomes listed in the audit protocol for AP‑01. This section will first discuss the documented process, and then it will discuss the deficiencies.

The company has established a formal management of change process, supported by the Maximo MOC module and a suite of training and reference materials. These documents collectively define the lifecycle of change management, including:

  • Identification and classification of change types (technical, administrative, procedural, and organizational).
  • Roles and responsibilities for each stage of the process.
  • Requirements for hazard and risk assessments.
  • Integration with the integrity management program and other OMS elements.

The MOC process document outlines the scope and purpose of the MOC program, including its application to changes in design, operations, regulatory requirements, and technology. It also includes detailed examples of what constitutes a change versus a replacement‑in‑kind and provides decision trees to guide classification.

The Management of Change Procedure provides step‑by‑step instructions for executing MOCs in Maximo, including initiation, scope development, review, approval, implementation, and closeout. It also addresses emergency and temporary changes, with specific timelines and documentation requirements.

The Maximo MOC Quick Reference Guides operationalize the process, showing how roles interact with the system, how actions are assigned and tracked, and how workflows are routed for approval.

Training materials such as MOC 101 and Maximo guides are available to support staff understanding and execution of the process.

At the facility integrity program level, the documented programs related to pressure equipment and tanks identify the MOC process as the supporting process to identify and manage changes, indicating a connection to the OMS management of change framework.

The company has demonstrated implementation of the MOC process through:

  • Completed MOC forms;
  • Maximo records indicating workflow routing, reviewer comments, and authorization;
  • Evidence of Pre‑Startup Safety Reviews (PSSR) and post‑start actions; and
  • Training records and reference guides distributed to staff.

Interview feedback and documentation suggest that staff are familiar with the MOC process and its application to technical and administrative changes. The process appears to be used consistently for facility‑related changes, including equipment modifications, hazard reviews, and regulatory updates.

Thus, the company has established and implemented a process for identifying and managing change, which defines the methods to be used. Impacts to the management system and Facility IM program have been identified and assessed.

However, the MOC process is deficient in that it does not adequately address changes to document‑controlled procedures, as these changes are managed through The Source and not in Maximo.

The following deficiencies were identified:

  • The MOC process document provides some information about procedural MOC but does not describe the process steps for managing procedural changes - only the steps for technical and administrative changes processed through Maximo are documented. PMC provided training guides used to manage procedural changes; however, these documents are task-level work instructions with screenshots on how to use The Source. The guides do not have evidence of approval by the appropriate management authority, are uncontrolled, and lack defined governance. Therefore, they do not meet the definition of a process as defined by the CER. Linkage with the MOC process document was also not evident. Although the organization’s Governing Document Management Standard acknowledges procedural MOCs and assigns tracking responsibilities and roles, it does not reference or include a detailed procedural MOC workflow for The Source. As written, it does not meet management system expectations for controlling procedural changes.
  • The outdated integrity documentation (e.g., maintenance, reliability and inspection program, and integrity data management process) despite being considered in the overall MOC for the convergence project, indicates that the current tracking of procedural changes may not ensure completion in a timely manner and in accordance with PMC’s MOC Process requirements.
Conclusion

The company has not developed a MOC process that addresses all the expected outcomes for document-controlled procedure changes. Existing MOC procedure related documents do not meet the definition of a process as defined by the CER and are not linked to the MOC process. Outdated integrity documentation linked to the overall convergence administrative MOC further indicates gaps in procedural change control.

AP-02 Hazard Inventory
AP-02 Hazard Inventory

Finding Status

Non-compliant

Regulation

OPR

Regulatory Reference

6.5(1)(c)

Regulatory Requirement

A company shall, as part of its management system and the programs referred to in section 55,

(c) establish and implement a process for identifying and analyzing all hazards and potential hazards.

Expected Outcome

It is expected that the company can demonstrate that:

  • The company has a compliant process that is established and implemented;
  • The methods for identification of hazards and potential hazards are appropriate for the nature, scope, scale, and complexity of the company’s operations, activities, and the Facility IM;
  • The identification of hazards and potential hazards must include the full lifecycle of the pipeline;
  • The company has comprehensively identified and analyzed all relevant hazards and potential hazards;
  • The hazards and potential hazards have been identified for the company’s scope of operations through the lifecycle of the pipelines; and
  • The identified hazards and potential hazards have been analyzed for the type and severity of their consequences.

Relevant Information Provided by the Company

The following key documents and records are related to this finding:

  • Hazard Management Process
  • Operation Risk Management Process
  • Hazard Identification Reporting Process
  • Process Hazard Analysis Process
  • Process Hazard Analysis Procedure
  • Work Permit Process
  • Hazard Register
  • HAZOP Study Report
  • Hazard Identification Records

The following interviews are related to this finding:

  • Interview 1.2 – AP‑02 paragraph 6.5(1)(c) of the OPR Hazard Identification
  • Interview 4.2 – Plant Condition Management System (PCMS) demo interview
  • Field Inspection Interview with Area Supervisor, Field Inspector, HSE Advisor, and Director HSE Compliance

Finding Summary

Gaps exist in the company’s hazard identification and analysis processes at the facility level. Multiple overlapping OMS processes exist with weak alignment or integration, resulting in inconsistent and incomplete identification of integrity hazards across asset types. The company lacks a documented, CER-compliant method for facility level hazard analysis, and facility hazards are not fully captured or linked within the corporate hazard register. These inconsistencies - combined with differing hazard definitions and unclear integration with the OMS framework - undermine the organization’s ability to perform comprehensive, consistent, and comparable hazard identification, and consequent risk assessments.

Detailed Assessment

The company has not satisfied all the expected outcomes listed under AP‑02. This section will first discuss the documented process, and then it will discuss the deficiencies.

The company has established and implemented a hazard identification and analysis process through a suite of integrated documents that are governed under the Operational Risk Management Program and consequently the company’s OMS, and meant to align with paragraph 6.5(1)(c) of the OPR and related clauses.

The corporate process for managing hazards outlines the standard approach for identifying and analyzing hazards and potential hazards across all operational assets. It defines a structured methodology that includes identifying new and escalating hazards from both routine and non‑routine activities, including those arising from normal and abnormal operating conditions. The process is supported by inputs such as Job Hazard Assessments (JHAs), Job Safety Analyses (JSAs), HAZOPs, Pre‑Startup Safety Reviews, Emergency Response Plans, MOCs, audits, inspections, and lessons learned. These inputs are appropriate for the nature, scope, and complexity of the company’s operations.

The corporate process and procedure for process hazard analysis further define the requirements for conducting Process Hazard Analysis (PHA), particularly for Process Safety Management‑covered facilities. The PHA methodology includes HAZOP, Hazard Identification, What‑If, and Failure Modes and Effects Analysis techniques, and provides detailed guidance on identifying causes, consequences, safeguards, and risk rankings using the Operational Risk Matrix. The PHA Procedure includes a structured approach for analyzing unmitigated, mitigated, and residual risks, and outlines when and how recommendations are generated and tracked through Maximo.

The work permit process operationalizes hazard identification at the task level, addressing safety‑related hazards but not facility integrity‑related hazards. It integrates hazard assessment, control verification, and work authorization into a single process. The use of the Task Hazard Inventory and Formal Hazard Assessments ensures that hazards are identified and controlled based on worker roles and tasks. The process includes requirements for JSAs, tailgate meetings, and hazard reassessments when conditions change, ensuring that hazards are continuously evaluated and communicated to all affected personnel. Although PMC provided the work permit process documentation in its response to AP‑02, the CER auditors note that this process is more relevant to hazard identification for the safety program than for the integrity management of the facility.

The corporate program for incident reporting and investigation ensures that hazards identified through incidents and near misses are captured, analyzed, and used to inform future hazard identification and risk control efforts. The program mandates root cause analysis for high and very high‑risk incidents, and corrective and preventive actions are tracked through a corrective and preventive actions management process. Lessons learned are communicated across the organization to support continuous improvement.

Hazards are categorized and analyzed using the Operational Risk Matrix. The processes are integrated with other management system elements, including risk evaluation (paragraph 6.5(1)(e) of the OPR), control development (paragraph 6.5(1)(f) of the OPR), MOC (paragraph 6.5(1)(i) of the OPR), and incident reporting (paragraph 6.5(1)(r) of the OPR). The Hazard Process also references Emergency Response Plans as inputs for the identification of new hazards, supporting alignment with paragraph 6.5(1)(t) of the OPR. However, contingency planning is not clearly linked to the risk assessment process, which is discussed in AP‑03 of this audit report.

Therefore, the company has established and implemented a hazard identification and analysis process, and it has defined methods for identifying hazards and potential hazards. The company has incorporated multiple inputs—such as PHAs, JHAs/JSAs, work permits, inspections, MOCs, and incident investigations—that support hazard identification across operational activities. It has also analyzed and identified hazards and potential hazards using structured methodologies and risk‑ranking tools to evaluate the type and severity of their consequences.

Despite the above‑mentioned process, several deficiencies were identified:

  • Multiple OMS‑level hazard identification and analysis processes exist and it is unclear how they relate. Both the Operational Risk Management (ORM) and Hazard Processes contain steps for hazard identification and analysis. The steps are different and it is unclear what takes precedence.
  • The company did not demonstrate that all integrity hazards and potential hazards are being comprehensively identified and analyzed at the facility level. For the crude oil facilities, the Asset Integrity – Hazard Register (Nov 19, 2025) references only the Facility IM Program as a control for internal and external corrosion hazards related to piping, excluding other asset types such as tanks and pressure vessels. Additionally, several industry‑recognized integrity hazards—such as cracking, mechanical damage, manufacturing and construction defects, equipment failure, incorrect operation, weather impacts, and external forces—are not included for the crude oil facility assets. While the Regina Terminal HAZOP Report addresses some process‑related hazards (e.g., equipment failure, abnormal operations, certain weather scenarios), it does not cover all integrity hazards across different asset types.
  • The use of PCMS for hazard identification is not documented.
  • The company did not demonstrate that it integrated all facility‑level hazards with the OMS framework. PMC demonstrated that it uses functionalities within PCMS to identify and analyze hazards at the facility level; however, not all facility‑related hazards are captured in the corporate hazard register (or no linkage to these hazards was demonstrated), and the process for consistently conducting risk assessments on these hazards remains unclear.
  • Inconsistencies in hazard definitions between various documents could hinder the organization’s ability to conduct risk assessments that are comparable or comprehensive.
Conclusion

Gaps exist in the company’s hazard identification and analysis processes at the facility level. Multiple overlapping OMS processes exist with weak alignment or integration, resulting in inconsistent and incomplete identification of integrity hazards across asset types. The company lacks a documented, CER-compliant method for facility level hazard analysis, and facility hazards are not fully captured or linked within the corporate hazard register. These inconsistencies - combined with differing hazard definitions and unclear integration with the OMS framework - undermine the organization’s ability to perform comprehensive, consistent, and comparable hazard identification and consequent risk assessments.

AP-03 Risk Assessment
AP-03 Risk Assessment

Finding Status

Non-compliant

Regulation

OPR

Regulatory Reference

6.5(1)(e)

Regulatory Requirement

A company shall, as part of its management system and the programs referred to in section 55,

(e) establish and implement a process for evaluating the risks associated with the identified hazards and potential hazards, including the risks related to normal and abnormal operating conditions.

Expected Outcome

It is expected that the company can demonstrate that:

  • The company has a compliant process for evaluating and managing risks that is established and implemented;
  • The method(s) for risk evaluation confirm that the risks associated with the identified hazards (related to normal and abnormal operating conditions) are based on referenced regulatory standards and are appropriate for the nature, scope, scale, and complexity of the company’s operations, activities, and are connected to the purposes and intended outcomes of the Facility IM;
  • Risks are evaluated for all hazards and potential hazards and include normal and abnormal conditions;
  • Risk levels are monitored on a periodic basis and as needed and re‑evaluated for changing circumstances;
  • Risks are managed using defined methods appropriate to the OPR section 55 programs; and
  • Risk tolerance/acceptance criteria is determined for all hazards and potential hazards.

Relevant Information Provided by the Company

The following key documents and records are related to this finding:

  • Operational Risk Management Program
  • Operational Risk Management Process
  • Operational Risk Matrix Procedure
  • Operational Risk Matrix
  • Hazard Management Process
  • Risk Prevention Process
  • Risk Review Process
  • Management of Change Process
  • HAZOP Study Report
  • Operational Risk Management Training Material
  • Hazard Register

The following interviews are related to this finding:

  • Interview 1.3 – AP‑03 paragraph 6.5(1)(e) of the OPR Risk Assessment
  • Field Inspection Interview with Area Supervisor, Field Inspector, HSE Advisor, and Director HSE Compliance

Finding Summary

Multiple gaps were identified in the company’s risk assessment framework, including the existence of overlapping OMS-level processes with unclear precedence, the absence of a documented and consistently applied facility-level risk assessment process, and the lack of a comprehensive assessment covering all applicable integrity hazards. The company has not demonstrated that likelihood and consequence evaluations have been completed across all asset types, and records such as the Regina Terminal HAZOP and Hazard Register provide only partial or high-level assessments. Additionally, the risk-based methodology used under the maintenance, reliability and inspection program is not formally approved or traceable, and limited cross-referencing among risk-related documents creates weak integration. Finally, while contingency and emergency planning processes are referenced, their linkage to risk evaluation is not explicit, reducing alignment with OPR requirements.

Detailed Assessment

The company has not satisfied all the expected outcomes listed under AP‑03. This section will first discuss the documented process, and then it will discuss the deficiencies.

The company’s Operational Risk Management framework is supported by a suite of documents that collectively establish and implement a process for evaluating risks associated with identified hazards and potential hazards, including those related to normal and abnormal operating conditions. The documents reviewed are governed under the company’s OMS and meant to align with regulatory standards such as CSA Z662, American Petroleum Institute (API) Recommended Practice (RP) 1173, and the OPR.

The company’s ORM framework is structured and comprehensive. The Operational Risk Management Process outlines a step‑by‑step methodology for identifying, analyzing, evaluating, and managing risks. It includes:

  • Hazard Identification: Through tools such as JHAs, HAZOPs, and PSSRs.
  • Risk Analysis and Evaluation: Using the Operational Risk Matrix, which defines consequence and likelihood categories to determine residual risk rankings.
  • Risk Control Development: Including both preventive and mitigative controls, with prioritization based on the hierarchy of controls.
  • Risk Acceptance Criteria: Defined thresholds for acceptable risk levels and communication and approvals required.
  • Integration with MOC: The Management of Change Process ensures that any changes impacting risk are evaluated and managed appropriately.
  • Periodic Review: The Risk Review Process and High‑Risk Prevention Process provide mechanisms for ongoing monitoring, trending, and reassessment of risks.

The corporate process for hazard evaluation further reinforces the identification and evaluation of hazards, explicitly including both normal and abnormal operating conditions. It also mandates updates to the Hazard Register and links to the MOC process when new or adjusted controls are required.

The corporate process for risk review establishes a structured, recurring, and data‑driven method for evaluating risks associated with identified hazards and potential hazards. The process requires frontline personnel to identify hazards, near misses, and incidents and enter them into Maximo or Velocity, creating the foundational dataset for risk evaluation. These inputs are analyzed during risk reviews, where the Core Team evaluates trends, determines whether existing controls effectively manage risks, and considers both normal and abnormal operating conditions through controls such as operating procedures, SCADA monitoring, alarm systems, leak detection, and maintenance programs embedded in the risk management plans. When risks are not adequately managed, the process mandates development of risk recommendations, adjustment of controls, and tracking of corrective and preventive actions to ensure follow‑through and continual improvement.

Therefore, the company has established documented risk evaluation processes, defining methods for assessing risk, and having mechanisms for periodic review and risk management.

While the company has demonstrated a strong foundation in risk assessment, the following areas are deficient:

  • Multiple OMS‑level risk assessment processes exist, and how they relate and which takes precedence is unclear.
  • There is no evidence that risk assessment at the facility level follows a documented process for hazards other than process hazards. While process hazards relate to how the process operates and can deviate, facility integrity hazards relate to the physical condition and long‑term reliability of the equipment itself. Interviews revealed that risk assessments are performed based on an individual’s discretion, which may be attributable to implementation or training gaps.
  • No comprehensive risk assessment for all applicable integrity hazards has been conducted at the facility level. The company did not demonstrate that the likelihood and consequences of a release have been assessed for all applicable integrity hazards across different facility assets. While the Regina Terminal HAZOP Report includes risk assessments for some integrity hazards, it does not cover all applicable hazards (see AP‑02 assessment). Similarly, the Hazard Register provides only a high‑level, company‑wide risk assessment for internal and external corrosion, which is insufficient to demonstrate risk acceptability and control effectiveness at the facility and asset‑type levels.
  • There is no evidence that the risk‑based methodology used under the maintenance, reliability, and inspection program is formally approved and traceable as required. The organization has not demonstrated that the risk‑based methodology used under the maintenance, reliability, and inspection program—including Asset Criticality Assessment & Ranking (ACAR), Offshore and Onshore Reliability Data (OREDA), and subject matter expert input—was formally approved and traceable as per its own requirements. Current documentation does not clearly identify this approach as the approved method of record, nor explain how it is applied.
  • There is a lack of integration given limited cross‑referencing between the documentation related to risk assessment. This lack of integration may hinder users from understanding how the various components interact as a cohesive program.
  • The process does not specify how and when the risk evaluation criteria will trigger updates to contingency plans. While the Emergency Response and Contingency Planning processes are referenced in the ORM documentation, the linkage to risk evaluation is not explicit. The inclusion of the Emergency Response Plans and Pre‑Startup Safety Reviews acknowledges that emergency scenarios and abnormal conditions are considered during hazard identification. However, the process does not explicitly describe how the results of risk evaluations (e.g., high‑risk scenarios or unacceptable residual risks) are used to inform or trigger updates to contingency plans.
Conclusion

Multiple gaps were identified in the company’s risk assessment framework, including the existence of overlapping OMS-level processes with unclear precedence, the absence of a documented and consistently applied facility-level risk assessment process, and the lack of a comprehensive assessment covering all applicable integrity hazards. The company has not demonstrated that likelihood and consequence evaluations have been completed across all asset types, and records such as the Regina Terminal HAZOP and Hazard Register provide only partial or high-level assessments. Additionally, the risk-based methodology used under the maintenance, reliability and inspection program is not formally approved or traceable, and limited cross-referencing among risk-related documents creates weak integration. Finally, while contingency and emergency planning processes are referenced, their linkage to risk evaluation is not explicit, reducing alignment with OPR requirements.

AP-04 Controls
AP-04 Controls

Finding Status

Non-compliant

Regulation

OPR

Regulatory Reference

6.5(1)(f)

Regulatory Requirement

A company shall, as part of its management system and the programs referred to in section 55,

(f) establish and implement a process for developing and implementing controls to prevent, manage and mitigate the identified hazards, potential hazards and the risks and for communicating those controls to anyone who is exposed to the risks.

Expected Outcome

It is expected that the company can demonstrate:

  • The company has a compliant process for developing and implementing controls;
  • The method(s) for developing controls are appropriate for the nature, scope, scale, and complexity of the company’s operations and activities and the Facility IM;
  • Controls are developed and implemented;
  • Controls are adequate to prevent, manage, and mitigate the identified hazards and risks;
  • Controls are monitored on a periodic basis and as needed and re‑evaluated for changing circumstances;
  • Controls are communicated to those exposed to the risks.

Relevant Information Provided by the Company

The following key documents and records are related to this finding:

  • Hazard Management Process
  • Pipeline Integrity Management Program
  • Risk Review Process
  • Hazard Register
  • Operational Risk Management Training Material
  • Control Communication Records

The following interviews are related to this finding:

  • Interview 2.1 – AP‑04 paragraph 6.5(1)(f) of the OPR Controls
  • Field Inspection Interview with Area Supervisor, Field Inspector, HSE Advisor, and Director HSE Compliance

Finding Summary

The company’s control management practices lack the specificity, communication, and contextual consideration required for an effective and compliant risk control framework. Controls are documented at an overly broad program level, making them difficult to operationalize and preventing clear linkage between specific hazards and the control measures designed to mitigate them. No evidence was provided to demonstrate that controls are adjusted to reflect differences in asset types, operating conditions, or failure modes. Additionally, several integrity management documents are outdated or misaligned with regulatory requirements of the CER and CSA standards, further undermining the adequacy and reliability of the company’s control framework.

Detailed Assessment

The company has not satisfied all the expected outcomes listed under AP‑04. This section will first discuss the documented process, and then it will discuss the deficiencies.

The company has established a process for developing and implementing controls to address hazards and mitigate risks. The process is described across multiple documents including:

  • Corporate process for hazard evaluation;
  • Company program for Canadian pipeline integrity management (applicable to the pipeline only therefore not discussed further);
  • Corporate process for risk review.

As discussed under AP‑02, the corporate process for hazard evaluation outlines a structured approach to hazard identification, consequence analysis, control review, and control development. Steps specifically address the review of existing controls, determination of residual risk, and development of new or adjusted controls, and explicitly link control changes to the MOC process.

The corporate process for risk review complements this by providing a framework for evaluating the effectiveness of existing controls and recommending improvements. The corporate process for risk review involves analyzing risk controls for effectiveness and outlines how risk recommendations are developed when controls are found to be inadequate.

The corporate hazard evaluation and risk review processes both require controls to be documented in the Hazard Register and communicated to affected personnel, while the corporate hazard evaluation process outlines the communication and training requirements for new or adjusted controls. Various ways to communicate controls exist. Specific changes, such as setpoint adjustments, are communicated through MOC processes, where relevant teams (Control Centre, Hydraulics Engineering, Maintenance, and Operations) review and approve updates. Additionally, targeted communication occurs through presentations (e.g., PowerPoint sessions delivered via Microsoft Teams) to ensure all exposed personnel are informed. Regular monthly safety meetings further reinforce control awareness by reviewing Standard Operating Procedures, issuing safety alerts, discussing lessons learned, and addressing emerging risks, with attendance tracked for accountability.

Across the asset‑specific programs, the company has established frameworks for implementing and communicating operational controls through defined inspection, maintenance, monitoring, repair, and protective device requirements, supported by documented procedures, certified personnel, workflows, and MOC processes.

Interviews and documentation confirm that controls are implemented to mitigate risks identified through hazard assessments, incident investigations, and MOC processes. Examples include:

  • Updates to the Hazard Register;
  • Risk Review meeting minutes and recommendations;
  • MOC records for control changes;
  • Training materials and eLearning modules;
  • Integration with Maximo and SharePoint for tracking and communication.

The corporate process for risk review ensures that risk controls are evaluated for effectiveness and that recommendations are tracked to closure. Controls are monitored through key performance indicators (KPIs) such as overdue risk recommendations and control effectiveness metrics; however, the overdue risk recommendations KPI tracking stopped in late 2022 due to frequent adjustments, reducing its effectiveness.

Therefore, the company has a documented process for developing and implementing controls that outlines structured steps for reviewing existing controls, determining residual risk, developing new or adjusted controls, and linking changes to the management of change process. The process also provides a mechanism for periodically monitoring and reassessing control effectiveness, ensuring that implemented controls are reviewed and adjusted when circumstances change.

Despite the presence of a documented and partially implemented process, several deficiencies were identified:

  • The controls are too broad to be operationalized and lack specificity (e.g., listing a program document). For example, “integrity management program” was listed as a safeguard following the identification and analysis of a hazard related to asset integrity during a HAZOP at the Dewdney terminal. Generic controls such as “Pipeline Integrity Management Program” are referenced in the Asset Integrity – Hazard Register as singular controls, despite being composed of multiple and more targeted control measures. These control measures (e.g., overpressure protection devices, corrosion inspections) should be individually listed and explicitly linked to the specific hazards and risks they address.
  • The control process does not refer to any methods for developing controls but rather focuses on what type of document would apply, and no information is included as to how the company develops controls related to facilities. Also, the prevalence of procedure-based or administrative controls makes it unclear whether the full hierarchy of controls was considered. No evidence of records show the company accounts for contextual factors such as asset type which may influence the adequacy of controls. For example, different asset types (e.g., pipelines, storage tanks, processing facilities) have unique failure modes, operating conditions, and environmental exposures. Controls that are adequate for one asset type may be insufficient for another. The process does not demonstrate how control frequency or type is adjusted based on these variables.
  • The integrity management documentation is inadequate as it does not incorporate the relevant regulatory requirements i.e., the OPR and CSA Z662 for the CER-regulated assets and/or is not kept current as per the company’s internal requirements.
    Examples:
    • Company piping inspection and test plan for pressure equipment;
    • Company integrity management system for pressure equipment;
    • The maintenance, reliability and inspection program document is outdated and contains discrepancies between documented requirements and the activities performed in the field. The company did not demonstrate that changes to maintenance or inspection procedures are supported by a formally approved, documented, and traceable failure-analysis methodology (e.g., FMEA, RCM, or equivalent). Although the information request response references the use of ACAR, OREDA data, and subject matter expert input, this methodology is not documented within the management system, and there is no evidence that ACAR is formally recognized as the approved risk-based methodology under the maintenance, reliability and inspection program. As a result, the approval and traceability required to justify changes to maintenance and inspection activities were not demonstrated; and
    • The integrity data management process is outdated.
  • The Facility IM and Facility IM Program Manual are listed as controls; however, these are currently under development and not established.
Conclusion

The company’s control management practices lack the specificity, communication, and contextual consideration required for an effective and compliant risk control framework. Controls are documented at an overly broad program level, making them difficult to operationalize and preventing clear linkage between specific hazards and the control measures designed to mitigate them. No evidence was provided to demonstrate that controls are adjusted to reflect differences in asset types, operating conditions, or failure modes. Additionally, several integrity management documents are outdated or misaligned with regulatory requirements of the CER and CSA standards, further undermining the adequacy and reliability of the company’s control framework.

AP-05 Hazard & Incident Reporting and Response
AP-05 Hazard & Incident Reporting and Response

Finding Status

Non-compliant

Regulation

OPR

Regulatory Reference

Paragraph 6.5(1)(r)

Regulatory Requirement

A company shall, as part of its management system and the programs referred to in section 55,

(r) establish and implement a process for the internal reporting of hazards, potential hazards, incidents and near-misses and for taking corrective and preventive actions, including the steps to manage imminent hazards.

Expected Outcome

It is expected that the company can demonstrate that:

  • The company has a compliant process that is established and implemented;
  • The company has defined its methods for internal reporting of hazards, potential hazards, incidents and near-misses;
  • Hazards and potential hazards are being reported as required by the company’s process;
  • Incidents and near-misses are being reported as required by the company’s process;
  • The company has defined how it will manage imminent hazards;
  • The company is performing incident and near-miss investigations;
  • The company’s investigation methodologies are consistent and appropriate for the scope and scale of the actual and potential consequences of the incidents or near misses to be investigated;
  • The company has defined the methods for taking corrective and preventive actions; and
  • The company can demonstrate through records that all corrective and preventive actions can be tracked to closure.

Relevant Information Provided by the Company

The following key documents and records are related to this finding:

  • Incident Management Program
  • Incident Management Procedure
  • Hazard Identification Reporting Process
  • Risk Review Process
  • Incident Summary Report
  • Incident and Hazard Identification Records
  • Lessons Learned Bulletin
  • Incident Database Export
  • Risk Management Supporting Documentation

The following interviews are related to this finding:

  • Interview 2.2 – AP‑05 paragraph 6.5(1)(r) of the OPR Hazard & Incident Reporting and Response
  • Field Inspection Interview with Area Supervisor, Field Inspector, HSE Advisor, and Director HSE Compliance

Finding Summary

The audit identified gaps between the company’s documented incident and hazard management processes and their actual implementation. Misalignment between written procedures and the reporting software creates inconsistencies that risk incomplete or inaccurate incident tracking. Guidance for managing imminent hazards is limited, lacking clarity on immediate control actions and communication expectations. The internal reporting process does not align with hazard and potential hazard definitions used elsewhere in the organization or in applicable standards, increasing the likelihood of incorrect or inconsistent reporting.

Detailed Assessment

The company has not satisfied all the expected outcomes listed under AP‑05. This section will first discuss the documented process, and then it will discuss the deficiencies.

The company is utilizing the following controlled documents for its process for internal reporting of hazards, potential hazards, incidents, and near‑misses, and for taking corrective and preventive actions:

  • Program for incident reporting and investigation;
  • Procedure for incident management;
  • Process for hazard identification reporting; and
  • Process for risk review.

As described in these documents, the company has established a process that includes the identification, reporting, investigation, and resolution of hazards and incidents. The program outlines the requirements for reporting and investigating incidents and near‑misses, including root cause analysis and the development of corrective and preventive actions. The procedure provides detailed steps for conducting investigations, collecting evidence, and ensuring appropriate follow‑up. The process for hazard identification and reporting describes how hazards are proactively identified and logged, and how corrective actions are assigned and tracked. The process for risk review integrates incident data into broader risk management activities, including the evaluation of control effectiveness and the development of risk recommendations.

The process includes the following key elements:

  • Reporting Tools: Maximo IM and VelocityEHS are used to log incidents, near‑misses, and hazard IDs. These systems support workflow progression, corrective action tracking, and automated notifications.
  • Investigation Methodology: Incidents are classified by risk level using the Operational Risk Management Matrix. High and Very High‑risk incidents require formal root cause analysis using structured methodologies (e.g., Apollo, TapRoot). Lower‑risk incidents require identification of causes and contributing factors as a minimum.
  • Corrective and Preventive Actions: All incidents and non‑Fast Path Hazard IDs (HIDs) must have at least one corrective or preventive action assigned and tracked to closure. The process ensures consistency and accountability.
  • Communication and Lessons Learned: Lessons learned are shared through bulletins, safety meetings, and training modules. The HSE functional group manages the distribution of shared learnings.
  • Integration with OMS: The process is linked to other management system elements, including risk evaluation, control development, communication, and operational coordination.

The company provided records from the Wascana Pipeline and Regina Terminal, which demonstrate implementation of the process. These records include hazard IDs, incidents, and corresponding corrective actions. Examples include:

  • Installation of door retention chains to address equipment enclosure hazards;
  • Replacement of faulty valves and connections to prevent leaks;
  • Logic programming to enable alarms for new systems;
  • Investigation of unauthorized crossings;
  • Reclassification of near misses to incidents with appropriate medical follow‑up.

These records confirm that hazards and incidents are being reported, investigated, and resolved. Therefore, the company has a documented process for internal reporting of hazards, potential hazards, incidents, and near misses. The hazards, incidents, and near misses are being reported and investigated, corrective and preventive actions are assigned, and actions are tracked to closure through systems such as Maximo IM and VelocityEHS. The company also applies structured investigation methodologies proportionate to incident severity and integrates lessons learned into safety meetings and communications, demonstrating that investigations are performed and that corrective actions are systematically managed and are traceable.

The process includes mechanisms for sharing lessons learned and there is a defined criteria for when and how investigation outcomes should be communicated to internal and external stakeholders as per the company’s process for lessons learned.

Despite the presence of a documented and partially implemented process, several deficiencies were identified:

  • The process is not implemented as written. Discrepancies exist between documented incident management procedures and the software platform used internally for reporting incidents and near misses. This misalignment may lead to confusion and gaps in incident tracking and resolution;
  • Information provided regarding imminent hazards is limited to reporting requirements and does not include detailed steps for the management of the hazard, such as immediate identification, control measures, and communication protocols;
  • The company’s internal reporting process relies on Hazard IDs, which are not aligned with the hazard and potential hazard definitions used in the ORM Process or CSA standards, resulting in inconsistent understanding and incorrect or incomplete reporting of hazards and potential hazards;
Conclusion

The audit identified gaps between the company’s documented incident and hazard management processes and their actual implementation. Misalignment between written procedures and the reporting software creates inconsistencies that risk incomplete or inaccurate incident tracking. Guidance for managing imminent hazards is limited, lacking clarity on immediate control actions and communication expectations. The internal reporting process does not align with hazard and potential hazard definitions used elsewhere in the organization or in applicable standards, increasing the likelihood of incorrect or inconsistent reporting.

AP-06 Inspection and Monitoring
AP-06 Inspection and Monitoring

Finding Status

Non-compliant

Regulation

OPR

Regulatory Reference

Paragraph 6.5(1)(u)

Regulatory Requirement

A company shall, as part of its management system and the programs referred to in section 55,

(u) establish and implement a process for inspecting and monitoring the company’s activities and facilities to evaluate the adequacy and effectiveness of the programs referred to in section 55 and for taking corrective and preventive actions if deficiencies are identified.

Expected Outcome

It is expected that the company can demonstrate that:

  • The company has a compliant process that is established and implemented;
  • The company has developed methods for inspecting and monitoring their activities and facilities;
  • The company has developed methods to evaluate the adequacy and effectiveness of the programs referred to in section 55;
  • The company has developed methods for taking corrective and preventive actions when deficiencies are identified;
  • The company is completing inspections and monitoring activities as per the company’s process; and
  • The company retains records of inspections, monitoring activities, and corrective and preventive actions implemented by the company.

Relevant Information Provided by the Company

The following key documents and records are related to this finding:

  • Operations Management System Assurance Program
  • Operations Management System Processes
  • Pipeline Integrity Management Program
  • Tank Integrity Management Program
  • Asset Integrity Assurance Plan
  • Corrective and Preventive Actions Management Process
  • Incident Management Program
  • Maintenance Reliability and Inspection Program
  • Pressure Equipment Integrity Management Program
  • Inspection Records
  • Management Review Report

The following interviews are related to this finding:

  • Interview 3.1 – AP‑06 paragraph 6.5(1)(u) of the OPR Inspection and Monitoring
  • Interview 5.1 – maintenance, reliability, and inspection program document owner interview
  • Field Inspection Interview with Area Supervisor, Field Inspector, HSE Advisor, and Director HSE Compliance

Finding Summary

The OMS framework lacks clear documented requirements for conducting facility inspections or using results to evaluate program adequacy and effectiveness. Inspection practices for the below-ground station piping are particularly deficient, with no formal plans, procedures, or triggers. Additionally, assurance methods are inconsistently applied due to non-mandatory sub-element plans. Furthermore, key inspection procedures, including those for below-ground piping and routine monthly inspections, are undocumented, limiting the organization’s ability to demonstrate systematic oversight of its facility management in alignment with the expectations of the CER.

Detailed Assessment

The company has not satisfied all the expected outcomes listed under AP‑06. This section first discusses the documented process, followed by identified deficiencies.

A process has been established for inspecting and monitoring activities and facilities to evaluate the adequacy and effectiveness of programs and to take corrective and preventive actions when deficiencies are identified. The company has multiple layers of documentation that collectively describe how inspections and monitoring are conducted across its operations.

The OMS Process documents outline the overarching framework for assurance, performance management, and continuous improvement. They include other processes such as Audit Finding and Corrective Action Management, Gap and Improvement Action Management, and Performance Management. These processes are supported by governance meetings, strategic planning, and management reviews.

The process for corrective and preventive actions defines an eight‑step process for identifying, implementing, and verifying corrective and preventive actions. It includes SMARTER criteria for action development and outlines assurance activities to evaluate effectiveness. This process is integrated with incident investigations and audit findings.

The program for tank integrity management provides a structured approach for managing tank integrity. It defines inspection intervals for API 653 and Steel Tank Institute (STI) tanks, outlines triggering mechanisms for Engineering Critical Assessments, and includes a deviation process for altering inspection intervals. The program also integrates with the MOC process and specifies competency requirements for inspectors.

The pressure equipment integrity management and maintenance, reliability and inspection programs establish frameworks for ensuring the safe, compliant, and reliable operation of PMC’s assets by defining structured processes for equipment inspection, monitoring, maintenance, documentation, and corrective action. The pressure equipment integrity management program focuses specifically on pressure equipment—such as pressure vessels, boilers, piping, relief devices, and associated protective systems—detailing requirements for design control, installation, in‑service inspections, integrity assessments, overpressure protection, and regulatory interaction to maintain the fitness‑for‑service of pressure equipment throughout its lifecycle. Meanwhile, the maintenance, reliability and inspection program applies more broadly across all asset classes, outlining maintenance philosophies, Computerized Maintenance Management System‑driven work execution, predictive and preventive maintenance practices, equipment‑specific Mechanical Integrity and Maintenance Specifications, and inspection requirements that support other OMS programs (e.g., Process Safety, Pipeline Integrity, Environmental Management, and Security). Together, these documents create an integrated management system approach that ensures equipment integrity, regulatory compliance, early detection of deficiencies, and the effective implementation of corrective and preventive actions across the organization.

The 2024 Annual Management Review presented during the audit evaluates the performance of the asset integrity sub‑element, including inspection and monitoring activities. It includes KPIs, performance trends, and improvement actions.

PMC provided documentation of inspection intervals, assessment procedures, and corrective action workflows. Records are maintained in multiple systems, including PCMS, Maximo, VelocityEHS, IRAS, Cambio, and SharePoint.

Therefore, the company has an established and implemented process for inspection, monitoring, and corrective action through its programs, that define inspection intervals, maintenance and monitoring requirements, assessment procedures, and corrective and preventive action workflows. These programs also outline methods for identifying deficiencies and implementing corrective actions, including integration with MOC and structured verification steps. The company is completing many inspection and monitoring activities in practice—supported by documentation such as inspection intervals, assessment procedures, and maintenance records—and retains evidence of these activities across its systems, confirming that inspection results and corrective/preventive actions are being recorded and maintained.

Despite the presence of the process, several deficiencies exist:

  • The OMS framework lacks defined requirements for conducting facility inspections and determining inspection needs. Although inspections occur, there is no documented evidence of how their results are used to assess the adequacy and effectiveness of the facility integrity management for facilities.
  • The inspection process for the below‑ground station piping is not documented and there are no formal integrity inspection plans. It is unclear what triggers an inspection. Some of the below‑ground pipeline is over 50 years old and has never been inspected nor has PMC demonstrated that it has plans for inspecting the below‑ground piping.
  • Methods used to evaluate program adequacy and effectiveness are not being applied consistently across programs, as sub‑element assurance plans are not mandatory, leading to variability in how assurance activities are conducted.
  • Procedures to conduct certain inspections are not documented (e.g., below‑ground piping, monthly inspections). Inspections used to inform the adequacy and effectiveness of the program should be documented, but no documentation was provided about how to conduct those inspections.
Conclusion

The OMS framework lacks clear documented requirements for conducting facility inspections or using results to evaluate program adequacy and effectiveness. Inspection practices for the below-ground station piping are particularly deficient, with no formal plans, procedures, or triggers. Additionally, assurance methods are inconsistently applied due to non-mandatory sub-element plans. Furthermore, key inspection procedures, including those for below-ground piping and routine monthly inspections, are undocumented, limiting the organization’s ability to demonstrate systematic oversight of its facility management in alignment with the expectations of the CER.

Top of Page

Appendix 2: Terms and Abbreviations

For a set of general definitions applicable to all operational audits, please see Appendix I of the CER Management System Requirements and CER Management System Audit Guide found on www.cer-rec.gc.ca.

Appendix 2: Terms and Abbreviations

Term or Abbreviation

Definition

ACAR

Asset Criticality Assessment & Ranking

API

American Petroleum Institute

CAPA

Corrective and Preventive Action

CSA

Canadian Standards Association

CER

Canada Energy Regulator

CER Act

Canadian Energy Regulator Act (S.C. 2019, c. 28, s. 10)

CVA

Compliance Verification Activity

Facility IM

Facility Integrity Management

FMEA

Failure Modes and Effects Analysis

HAZOP

Hazard and Operability

HSE

Health, Safety, and Environmental

IMP

Integrity Management Program

JHAs

Job Hazard Assessments

MOC

Management of Change

NGL

Natural Gas Liquids

OMS

Operations Management System

OPR

Canadian Energy Regulator Onshore Pipeline Regulations (SOR/99-294)

OREDA

Offshore and Onshore Reliability Data

PCMS

Plant Condition Management System

PHA

Process Hazard Analysis

PMC or the company

Plains Midstream Canada ULC

PSSR

Pre-Startup Safety Reviews

RP

Recommended Practice

Top of Page
Date modified: