EPAP Program Components


EPAP Program Components

EPAP consists of five major components:

  1. Controls & Evaluation of Controls
  2. Declarations
  3. Compliance Assessment
  4. Action Items
  5. Escalation & Enforcement

Details of these components are described in the EPAP Operator's Handbook. Summary descriptions appear below.

Controls & Evaluation of Controls
Every well-managed operator already has processes to ensure the effective conduct of its business. AER directives require that operators also implement processes that ensure compliance with the directive. Controls are special processes designed to ensure that underlying business processes actually reach their goals. EPAP asks operators to evaluate their controls on business processes aimed at compliance to ensure that they are effective.

Findings from the evaluations of controls heighten awareness of operational shortcomings that, when remediated, lead to improved effectiveness. Conclusions from the evaluations of controls form the basis for management's opinion about their state of compliance.

Under EPAP, Operator’s submit an annual Declaration to the AER via the EPAP System, attesting that they:

  • have the infrastructure (business processes and control environment) in place to ensure compliance with AER measurement and reporting requirements,
  • have evaluated their controls sufficiently to enable them to confidently declare that they have a reasonable level of assurance over the state of their infrastructure, and
  • are remediating problems identified by their evaluations.

The declaration is designed to involve the Operator's senior management to ensure that the opinion about the state of their infrastructure ensuring compliance has been given due consideration, and that any necessary remediation gets their support.
The full text of the declaration with its attachments is included as Appendix I of Directive 076: Operator Declaration Regarding Measurement and Reporting Requirements.

Compliance Assessment
The monthly compliance assessment process provides both the Operator and the Production Audit Team (PAT) with information that may indicate the possibility of a point to possible noncompliance events. This report is based on data available to the AER from many sources, including the PETRINEX and any data submitted directly to the AER. This report may present a number of indicators for each reporting producing facility.

In general, compliance assessment indicators are not noncompliance events. The indicators merely suggest that something somewhere needs explaining; the concern is that whatever the situation is, it points to an instance of noncompliance. The intent of producing this report is to encourage continuous improvement on the part of operators and dialogue between operators and PAT members.

Action Items
An action item is triggered when the PAT member asks you to investigate or remediate a particular situation. These situations may have been identified from your compliance assessment report, from something on your declaration, from a voluntary self-disclosure, or from some other source.

The typical workflow of an action item is as follows:

  1. If, after discussion of the situation with you, an action item is initiated by a PAT member, the content of what you discussed is confirmed in an e-mail to you.
  2. When you complete the specified action, you enter a summary of what you found or did, on-line, to add to the history of the action item.
  3. The PAT member reviews the summary of your results and either closes the action item as complete or, if the compliance assessment indicator is not improving, initiates more action.

Escalation & Enforcement
Where a series of action items does not eliminate the compliance assessment indicator for a particular facility, the PAT member will escalate the remediation process by requesting that you provide more data. The first request will involve only company-level data:

  • descriptions of controls
  • evaluation of controls procedures

If this doesn't provide enough information to understand and resolve the issue, the PAT member may request more, such as the evaluation results for the facility in question.

Where a PAT review of this data and subsequent action items still do not eliminate or at least improve the compliance assessment indicator, the PAT can choose to conduct a controls-based or substantive audit of the facility in question.

For further information, refer to the EPAP Operator’s Handbook.

What’s in this Handbook?
This EPAP Operator’s Handbook (Handbook) is designed to provide guidance to Operators in implementing and operating EPAP, including designing and evaluating controls, using and interpreting the Compliance Assessment Reports (CAR), and via the EPAP System, responding to Action Items, and Declaration and Voluntary Self Disclosure (VSD) submissions.

EPAP System
Directive 76 requires that Operators submit the Declaration using the EPAP System. Further, Operators must respond to Action Items initiated by the PAT via the EPAP System. Access to the EPAP System is through the AER’s Data Submission and Reporting System available through the AER website. Guidance on how to use the EPAP System is provided in the Reference and Resources Section