An Audit Report on Pipeline Safety at the Railroad Commission
November 2011
Report Number 12-005
Overall Conclusion
The Railroad Commission (Commission) performed standard pipeline safety inspections substantially in compliance with federal and state requirements. Each year, the Commission formulates a risk-based pipeline inspection work plan that prioritizes pipeline systems for inspection. Its inspection procedures were comprehensive and detailed. The Commission also cited violations and assessed penalties in accordance with Texas Administrative Code requirements.
The Commission has opportunities to strengthen its Pipeline Safety and Damage Prevention programs in four primary areas:
- Increasing the number of inspections of pipeline systems ranked as the highest priority.
- Increasing the accuracy and completeness of its annual pipeline inspection work plan and ensuring that it conducts required reviews of pipeline operators' integrity management plans.
- Consistently following its procedures for closing pipeline damage incidents and ensuring that investigations are completed before an incident is closed.
- Strengthening certain information technology controls, including addressing significant weaknesses in its Pipeline Evaluation System (PES).
Increasing Inspections of High-priority Systems
The Commission should increase the number of inspections it performs of the pipeline systems ranked as the highest priority for inspections. The Commission inspected only 65 percent of the pipeline systems ranked as highest priority in its 2010 annual pipeline inspection work plan.
In addition, the Commission should improve the accuracy and completeness of its annual pipeline inspection work plan to ensure that the work plan accurately prioritizes all pipeline systems for inspection. Auditors identified errors and omissions in the annual pipeline inspection work plans reviewed. While those errors and omissions were isolated to certain processes or types of pipelines, they could result in the Commission not inspecting some pipelines. It is important to note, however, that this risk is mitigated by federal and state pipeline safety regulations that require pipeline operators to inspect and monitor all of their own systems.
Conducting Required Reviews of Integrity Management Plans
The Commission should comply with the Texas Administrative Code and review the required number of integrity management plans that pipeline operators prepare. An integrity management plan is a pipeline operator's overall approach to protecting its pipeline system from leaks and ruptures. Federal regulations require pipeline operators to provide assurance of safe pipeline operation in populated areas.
Following Damage Prevention Procedures
The Commission complied with federal requirements to establish a pipeline Damage Prevention Program. From September 2007 through April 2011, the Commission received 37,122 pipeline damage incident reports and cited 11,527 violations. It assessed $4,242,958 in total penalties and collected $3,420,133.
The Commission should consistently follow its procedures for closing pipeline damage incidents that are reported through its online reporting system, the Texas Damage Reporting Form (TDRF). In January 2010, the Commission closed a backlog of incident reports without completing an investigation to determine the cause of the incident, as required by its procedures. Because the Commission did not retain sufficient documentation, auditors could not determine how many of the 13,649 total incidents the Commission closed in 2010 were closed without a complete investigation.
Strengthening Controls Over Information Systems
The Commission should ensure that the data in PES is complete, accurate, and reliable. The Commission relies on PES to track pipeline systems and inspection information and to produce the key reports used to prioritize inspections and to plan and manage the Pipeline Safety Program. However, weaknesses related to pipeline jurisdictional status determination, data entry controls, pipeline coding, and coding language within the system limits the accuracy, completeness, and reliability of the data in PES and the Commission's annual pipeline inspection work plan reports. In addition, the Commission did not ensure that the data it migrated from its former systems to PES was complete and accurate. As a result of weaknesses in PES and the lack of other documentation, auditors concluded that the data in PES was not sufficiently reliable for the purposes of this audit.
The data in TDRF was sufficiently reliable for the purposes of this audit. However, the Commission should strengthen edit checks over the data in incident damage reports that pipeline operators upload into TDRF. In addition, the Commission should implement a secondary review process to verify that its staff enter into TDRF all the information needed to substantiate the Commission's decisions related to incident reports.
The Commission also should strengthen certain general controls to protect its automated systems, applications, and data. The weaknesses in application and general controls that auditors identified increase the risk of unauthorized access to the Commission's automated systems and unauthorized disclosure, modification, and/or destruction of data.
Auditors communicated less significant issues to Commission management separately in writing.