Enterprise PSM Development, Implementation,
and Auditing
David A. Moore, Michael J. Hazzan, David M. Heller, and Martin R. Rose
AcuTech Consulting Group; dmoore@acutech-consulting.com (for correspondence)
Published online 8 August 2014 in Wiley Online Library (wileyonlinelibrary.com). DOI 10.1002/prot.11690
Process safety management (PSM) system auditing is evolv-
ing into a more business critical function and is receiving far
more attention than previously as PSM evolves. The expecta-
tion for success in PSM is high and auditing is a key opportu-
nity to validate the process and improve performance. Most
auditing processes address the PSM system from an incomplete
approach without consideration of the actual design of the
management system or goals of the organization. Auditing
can be more effective if synchronized to organizational design
and goals. PSM management systems and the audit process
that review them need to be defined from the fundamentals,
including the following considerations:
 What management model will be used?
 Which elements will the process comprise?
 Is the program regulatory driven or performance driven?
 Are there multiple performance objectives to be met?
 What key performance indicators (KPIs) will be used to
measure performance?
With that foundation, the auditing process can be defined
to assure compliance to the required system. Many compa-
nies are only now facing the rationalization of global PSM
performance. This article will outline an approach for defin-
ing corporate objectives, understanding options available,
defining a PSM program, defining performance objectives
and KPIs, designing an audit program, and then executing
the audit process. This is a necessity to ensure that the
enterprise-wide process is defined and managed for responsi-
ble management of process hazards [9th Global Congress on
Process Safety, San Antonio, TX, April 29May 1, 2013].
C 2014 The Authors. Process Safety Progress published by Wiley
V ance in the United States to the OSHA PSM Standard [3].
Periodicals, Inc. on behalf of American Institute of Chemical Engi-
neers Process Saf Prog 34: 9499, 2015
Keywords: process safety management; auditing; manage-
ment systems; metrics
INTRODUCTION
Process Safety Management (PSM) is a blend of engineer-
ing and management skills focused on preventing catastrophic
accidents, particularly explosions, fire and toxic releases asso-
This is an open access article under the terms of the Creative Com-
mons Attribution-NonCommercial-NoDerivs License, which permits
use and distribution in any medium, provided the original work is
properly cited, the use is non-commercial and no modifications or
adaptations are made.
C 2014 The Authors. Process Safety Progress published by Wiley
V practices, procedures, processes, and resources for develop-
Periodicals, Inc. on behalf of American Institute of Chemical Engineers
Process Safety Progress (Vol.34, No.1)
ciated with the use of chemicals and petroleum products [1].
It is a recognized practice since the 1970s when the term was
first used following the Flixborough accident in the United
Kingdom and popularized following the Bhopal accident in
1984. PSM is growing in interest within organizations and is
being recognized from all levels of the enterprise from the
operating level to the board room. In addition, there is a
growing global recognition of the necessity and value of pro-
cess safety thanks to the efforts of numerous organizations
and individuals who are promoting the cause.
With the experience of numerous catastrophic and highly
publicized events (BP, others), the need for improvement in
process safety is paramount. This fact was made clear in the
Baker Panel Report of the BP Texas City accident [2]. A critical
aspect of any management system is the need to review per-
formance and to then make corrections to the way it is
designed or being implemented to improve results. This is the
function of corporate governance, and the most effective way
to govern the issue of process safety has to be improved.
Process safety management system (PSMS) auditing is
evolving into a more business critical function and is receiv-
ing far more attention than previously as PSM evolves. The
expectation for success in PSM is high and auditing is a key
opportunity to validate the process and improve perform-
ance. Most auditing processes address the PSM system from
an incomplete approach without consideration of the actual
design of the management system or goals of the organiza-
tion. Auditing can be more effective if synchronized to
organizational design and goals.
Many companies are only now facing the rationalization
of global PSM performance versus only regulatory compli-
Global companies are realizing the need for uniform
approaches to managing PSM and assessing its performance.
A notable exception is the American Chemistry Councils
Responsible Care Management System [4].
This article will outline an approach for defining corpo-
rate objectives, understanding options available, defining a
PSM program, defining performance objectives and Key Per-
formance Indicators (KPIs), designing an audit program, and
then executing the audit process. This is a necessity to
ensure that the enterprise-wide process is defined and man-
aged for responsible management of process hazards.
DEFINING THE PSMS
The ISO 14001 Standard defines a management system as
that part of the overall management system that includes
organizational structure, planning activities, responsibilities,
ing, implementing, achieving, reviewing, and maintaining the
March 2015 94

Figure 1. Example PDCA approach to management systems.
[Color figure can be viewed in the online issue, which is
available at wileyonlinelibrary.com.]
environmental policy [5]. According to the CCPS Guidelines
for Auditing PSMSs [6], PSMSs are comprehensive sets of poli-
cies, procedures, and practices designed to ensure that bar-
riers to episodic and potential process safety incidents are in
place, in use, and effective. All modern management systems
typically follow the Plan-Do-Check-Act (PDCA) model used in
quality and environmental management systems as defined by
Deming and as recommended in ISO 19011 [7]. The PDCA
cycle, shown in Figure 1, starts with the need to plan the
activities. The authors experience is that many corporations
do not have a clearly defined PSM management system for
global operations and then an aligned governance function
including auditing that optimizes the process. Often the audit
function is vague and unplanned, leading to unsystematic
reviews and a lost opportunity to achieve enterprise wide
insights and conformance.
The fundamental decision that has to be made is the PSM
management system design itself. This is a complex topic, as
there are choices that can be made on the model PSM pro-
gram to implement and the extent of implementation. The
choice of PSM management system defines the underlying
opportunities for managing process safety risks.
PSM management systems and the audit process that
reviews them need to be defined from the fundamentals,
including the following considerations:
 What management model will be used?
 What processes and hazards should the program be
applied (e.g., what chemicals)?
Table 1. CCPS RBPS Elements.
AIChE CCPS RBPS Elements
Management Commitment
Process Safety Culture
Compliance with Standards
Process Safety Competency
Workforce Involvement
Stakeholder Outreach
Process Knowledge Management
Hazard Identification and Risk Assessment
Operating Procedures
Safe Work Practices
Auditing
Process Safety Progress (Vol.34, No.1) Published on behalf of the AIChE
 Which elements will the process comprise?
 Is the program regulatory driven or performance driven?
 Are there multiple performance objectives to be met?
 What KPIs will be used to measure performance?
With that foundation, the auditing process can be defined
to assure compliance to the required system.
Recent incidents and developments have shown that the
core PSM elements introduced by OSHA in the PSM Standard
do not fully include all of the relevant issues [8]. As a result,
one improved choice is the Risk-Based Process Safety (RBPS)
model described in the AIChE CCPS Guidelines for Risk
Based Process Safety [9], and outlined in Table 1. Still some
may already have an existing program in which case whole-
sale change to all of the elements may be problematic. In
other cases, companies have decided to implement some but
not all of the elements, or to supplement it with their own
elements. Other models may include proprietary models,
other regulatory models, or minimum efforts such as the U.S.
OSHA PSM Standard 14 elements [10].
If the above 20 elements are adopted, the audit scope is
recommended to be extended beyond these factors since
they mostly represent the technical aspects of the program
and they do not necessarily give a full indication of the
health of the process safety program. Other areas that could
be examined include:
1. Management policies and procedures to support the PSM
effort
2. Funding and budget versus actual expenditure
3. Staffing and resource allocation
4. Organization
5. Progress versus KPIs review
6. Incident statistics
7. Integration with other EH&S elements and departments
8. Senior management attention to the PSM program
DEFINING THE PSM AUDIT OBJECTIVES
ISO 19011 Clause 5 provides guidance for those who need
to establish and maintain an ongoing set of audits for an orga-
nization. The standard utilizes the PDCA cycle to define the
audit program. Some of the key actions addressed are:
 establishing the objectives and extent of the audit
program;
 establishing the responsibilities, resources, and
procedures;
 ensuring the implementation of the audit program;
 monitoring and reviewing the audit program to improve
its efficiency and effectiveness; and
 ensuring that appropriate program records are
maintained.
Asset Integrity and Reliability
Contractor Management
Training and Performance Assurance
Management of Change
Operational Readiness
Conduct of Operations
Goals, Objectives, and Plans
Emergency Management
Incident Investigation
Measurement and Metrics
Management Review and Continuous Improvement
DOI 10.1002/prs March 2015 95
 Section 5.2 in Figure 2 details the requirements for devel- For PSM, these objectives and priorities need to be care-
oping the program objectives and extent, which is key to fully considered in light of operating requirements, goals of
correcting the issues previously mentioned. It recommends the organization, risk tolerance, risk governance require-
that Objectives should be established for an audit program ments, legal requirements, and other considerations. Critical
to direct the planning and conduct of audits. These objec- to the effort is the alignment of the actual workings of the
tives can be based on consideration of: PSM management system itself (its programs, objectives, and
content), and the auditing program.
a. management priorities, Some potential objectives of a PSM audit program include
b. commercial intentions, the following, which are all in the interest of reducing pro-
c. management system requirements, cess safety risks and ensuring corporate governance:
d. statutory, regulatory, and contractual requirements,
e. need for supplier evaluation,  Improving process safety performance
f. customer requirements,  Identifying process safety risks and issues
g. needs of other interested parties, and  Improving understanding of PSM requirements
h. risks to the organization.  Assessing and influencing PSM culture

Figure 2. Audit program flowchart.

96 March 2015 Published on behalf of the AIChE DOI 10.1002/prs Process Safety Progress (Vol.34, No.1)
Table 2. AcuTech PSM System Element Ranking Levels.
[Color Table can be viewed in the online issue,
which is available at wileyonlinelibrary.com.]
Level Criteria
5.0 Superior (90100) Highest level of effectiveness and
completeness, Global Standard
as benchmarked against best
practice
4.0 Advanced (8090) Program exceeds the minimum
level of compliance in all
requirements; best practices
applied
3.0 Minimal (6080) Meets minimum intention in all
programs requirements
2.0 Incomplete (5060) A program exists, but it is lacking
completeness or effectiveness in
one or more areas
1.0 Inadequate (<50) No program exists or one or more
are incomplete or ineffective
 Achieving compliance to regulatory requirements
 Sharing best practices
 Due diligence as part of merger or acquisition.
Defining the objectives and scope is the area that most
companies fail to do leading to an unfocused audit program.
This could lead to a number of issues from lost opportunities
to address risk to failures in effort and scope leading to seri-
ous consequences.
DEFINING THE PSM AUDIT SCOPE
A third area that is critical to the effectiveness of a PSM
audit program is the scope of the audit. A PSM audit involves
examination of management system design, followed by
evaluation of management system implementation. The
design of the management system must be understood and
then evaluated to determine if the system, when functioning
as intended, will meet the applicable criteria. Management
has to decide on the scope of the audit initiative including
the number of elements to be examined, the depth of the
study, the frequency of the audits, and other factors.
ISO 19011 outlines the Extent of an audit program in PSM
Audit Protocol:
The extent of an audit program can vary and will be
influenced by the size, nature, and complexity of the organi-
zation to be audited, as well as by the following:
a. the scope, objective, and duration of each audit to be
conducted;
b. the frequency of audits to be conducted;
c. the number, importance, complexity, similarity, and loca-
tions of the activities to be audited;
d. standards, statutory, regulatory, and contractual require-
ments and other audit criteria;
e. the need for accreditation or registration/certification;
f. conclusions of previous audits or results of a previous
audit program review;
g. any language, cultural, and social issues;
h. the concerns of interested parties;
i. significant changes to an organization or its operations.
Clearly the PSM audit function is receiving more respect
and attention that in the early days of PSM being introduced
to industry. Lessons learned are that PSM is a very complex
issue and it deserves a thorough audit at least on par with
other corporate governance functions such as finance, envi-
ronment, and business operations.
Process Safety Progress (Vol.34, No.1) Published on behalf of the AIChE
Management should establish the overall policies that will
control the audit activity. Also, management should establish
and implement the appropriate management-system proce-
dures for the PSM audit program. From the CCPS Audit
Guidelines, a typical PSM audit procedure should address
the following topics:
Selecting facilities for PSM audits
Establishing frequency of PSM audits
Planning and conducting audits, including scheduling
Determining training and qualifications of auditors,
including lead auditors
Selecting and determining audit teams and assignment
of the lead auditor
Developing and maintaining the audit protocol
Selecting focus units/processes and sampling guidance
Documenting audits
Following up on audit findings
Determining format and content of audit reports
Distributing and retaining audit reports
Communicating audit results to the employees
Providing access to employees of audit results
Certifying audits (certification required by some process
safety regulations)
Figure 2 illustrates the audit process as a PDCA model
[11].
In addition, many companies have recognized the impor-
tance of using qualified independent auditors, that is, sec-
ond- or third-party auditors, in order to avoid conflicts of
interest and help ensure a nonbiased review. The recently
enacted Safety and Environmental Management System
requirements enacted by U.S. Bureau of Safety and Environ-
mental Enforcement for the offshore oil and gas industry
specifically incorporates this requirement.
PSM AUDIT PROTOCOL
PSM audits benefit from a defined protocol. Many audi-
tors simply use judgment and experience and focus on issues
of interest to them recognized during the audit. This may
lead to an imbalanced and incomplete result. Consequently,
defining a protocol of minimum questions or issues tailored
to the expectations of the enterprise for PSM will result in a
more complete appraisal. The CCPS Guidelines for Auditing
Process Safety Management Systems includes a complete
protocol based on the elements of the CCPS RBPS guidelines
[12]. This should be modified to suit the management sys-
tems being audited so there is alignment between the PSM
goals, the audit approach, and the report to management on
discrepancies to the PSM management system.
PSM METRICS
PSM metrics is a topic that is only recently been gaining
traction, again following the recommendations of the CSB
for the BP Texas City accident. The CCPS Audit Guidelines
recommend that metrics can provide useful input for deter-
mining the scope of PSM audits. For example, deficiencies
found in PSM program areas can be used to help determine
the scope of an audit. CCPS and others (CEFIC [13], HSE [14],
OECD [15]) have developed a set of metrics or guidance for
measuring PSM programs. The CCPS Guidelines for Risk
Based Process Safety and Guidelines for Process Safety
Metrics [16] contain additional guidance for use and auditing
of PSM metrics.
During the planning of the audit, metrics should be used
to define the areas of focus given there is limited time and
sampling possible. Also, during the audit, metrics can be
reviewed to gain valuable insight to the status of the pro-
gram implementation as well as various leading and lagging
DOI 10.1002/prs March 2015 97
Table 3. AcuTech PSM System Element Ranking Levels. [Color Table can be viewed in the online issue, which is available at
wileyonlinelibrary.com.]

Facilities
Element Elem. Wt. A B C D E F
Applicability 2 85.0 75.0 50.0 50.0 50.0 50.0
PSM Culture 2 79.6 94.4 94.4 88.9 88.9 88.9
Compliance w/Stds 1 25.0 25.0 62.5 100.0 100.0 81.6
PS Competence 1 90.6 83.0 88.7 84.0 91.5 81.1
Workforce Involvement 2 88.5 88.5 86.5 44.2 44.2 50.0
Stakeholder Outreach 1 76.9 100.0 100.0 100.0 100.0 100.0
Process Safety Information 3 88.0 87.2 88.0 90.2 88.0 72.8
Process Hazard Analysis 3 88.6 85.7 70.0 72.9 85.7 71.4
Operating Procedures 3 79.8 86.9 96.4 96.4 86.9 82.1
Safe Work Practices 2 54.0 74.0 74.0 100.0 94.0 94.0
Asset Integrity 3 88.4 81.5 95.8 98.4 75.3 80.0
Contractors 2 90.3 95.2 79.0 95.2 95.2 90.3
Training 2 84.6 89.7 85.9 92.3 89.7 88.5
Management of Change 3 67.0 73.6 100.0 97.2 50.0 87.5
Pre-Startup Safety Review 2 64.3 67.9 64.3 71.4 21.4 82.1
Conduct of Operations 1 80.8 80.8 80.8 80.8 80.8 69.2
Emergency Response 2 95.4 98.0 93.4 96.7 96.7 97.4
Incident Investigation 1 85.5 93.4 98.7 89.5 90.8 76.3
Metrics 1 64.6 73.2 81.7 56.1 61.0 61.0
Audits 1 68.0 72.0 70.0 80.0 72.0 76.0
Management Review 2 62.5 82.5 80.0 70.0 80.0 70.0
AVERAGE 40.0 78.4 82.6 83.7 84.3 76.9 78.7

indicators of performance. The audit may lead to enforce or

LITERATURE CITED
modify the metrics being collected.
PSM AUDIT SCORING SYSTEMS
There is no universal audit process or scoring system for
PSM, however, a scoring system is highly recommended to
be applied to the audit results. Therefore, the company
needs to make a choice of the design of a scoring system for
the audits. It is recommended to have both a score for each
question in a formal protocol and a scheme to summarize
this into an overall score. Such a system is illustrated in Table
2. This allows for relative measurement against other ele-
1. Center for Chemical Process Safety, American Institute of
Chemical Engineers, Community Response to Chemical
Release Emergencies, Available at http://www.aiche.
org/ccps/about/process-safety-faqs.
2. The Report of the BP U.S. Refineries Independent Safety
Review Panel, 2007.
3. Occupational Safety and Health Administration (OSHA),
Process Safety Management of Highly Hazardous Chemi-
cals, Explosives and Blasting Agents, Final Rule, 29 CFR
1910.119, Washington, DC, February 24, 1992.
R

ments as well as benchmarking at least within the same 4. (a) American Chemistry Council, RCMSV Technical
ranking system, such as across the enterprise. The design of Specification, RC101.02, March 9, 2005; (b) American
R

the scoring system must be able to objectively show results Chemistry Council, RCMSV Technical Specification Imple-
and allow for progress to be recorded in a tangible way mentation Guidance and Interpretations, RC101.02,
forward. January 25, 2004; (c) American Chemistry Council,
R

Table 3 shows how this system could be used to track the
status of development of PSM across all operating facilities of
an enterprise and to provide management with an executive
dashboard.
CONCLUSIONS
Carefully designing the PSM audit program to both reflect
the key expectations and objectives of the PSM management
system and to drive future performance will pay dividends.
Without this forward planning, it is likely that the audit team
will revert to do their best without a clear strategy behind
the effort, potentially leading to missed opportunities or
worse. Quantitative measurement of PSM efforts against
goals and specifications for the management system will
drive improvements in performance versus taking an excep-
tion only traditional approach whereby the audit team gives
findings and recommendations. Expanding the scope of the
PSM audit to include all of the now recognized necessary
elements and program support issues will help ensure the
fullest picture of PSM effectiveness emerges.
RCMSV Technical Specification Implementation Guidance
and Interpretations Appendices, RC101.02, January 25,
2004.
5. U.S. Environmental Protection Agency, Environmental
Management Systems, Available at http://www.epa.
gov/oecaagct/tems.html.
6. Center for Chemical Process Safety (CCPS), Guidelines
for Auditing Process Safety Management Systems, Ameri-
can Institute of Chemical Engineers, New York, 2007.
7. ISO 19011:2002, Guidelines on Quality and/or Environ-
mental Management Systems Auditing, International
Standard, International Organization for Standardization,
Geneva, Switzerland, 2002.
8. US Chemical Safety and Hazard Investigation Board,
Investigation Report, Refinery Explosion and Fire, BP
Texas City Refinery, US Chemical Safety and Hazard
Investigation Board, March 20, 2007.
9. Center For Chemical Process Safety (CCPS), Guidelines
for Risk Based Process Safety, American Institute of
Chemical Engineers, New York, 2007.

98 March 2015 Published on behalf of the AIChE DOI 10.1002/prs Process Safety Progress (Vol.34, No.1)
10. Part 1910, Occupational Safety and Health Standards, 29
Code of Federal Regulations.
11. ISO 19011:2002, Guidelines on Quality and/or Environ-
mental Management Systems Auditing, International
Standard, International Organization for Standardization,
Geneva, Switzerland, 2002.
12. Center for Chemical Process Safety (CCPS), Guidelines
for Auditing process Safety Management Systems, Wiley,
New York, 2011.
13. CEFIC, Guidance on Process Safety Performance Indica-
tors, 2nd Edition, 2011.
Process Safety Progress (Vol.34, No.1) Published on behalf of the AIChE
14. UK Health & Safety Executive, Developing Process Safety
Indicators: A Step-by-Step Guide for Chemical and Major
Hazard Industries, UK Health & Safety Executive,
HSG254, 2006.
15. Organisation for Economic Co-operation and Develop-
ment (OECD), Guidance on Developing Safety Perform-
ance Indicators, 2008.
16. Center for Chemical Process Safety (CCPS), Guidelines
for Process Safety Metrics, American Institute of Chemical
Engineers, New York, 2007.
17. 9th Global Congress on Process Safety, San Antonio, TX,
April 29May 1, 2013.
DOI 10.1002/prs March 2015 99