NERC has proactively transformed the compliance and enforcement program into one that is forward-looking, focusing on areas that represent a higher risk to the reliability of the bulk power system.
What does that mean to you?
It’s not about ‘cramming for the exam’ (audit) anymore. It’s about the identification, assessment, prioritization, and mitigation of system-wide risks. The risk-based CMEP encompasses an assessment to establish a registered entity’s inherent risk, and on a voluntary basis, an evaluation of a registered entity’s internal controls prior to establishing the compliance monitoring strategy that will be tailored to a particular entity or group of entities.
Sounds like lot of work and if it’s voluntary, why would you do it?
Because the return is substantial:
- focus is on the higher risk areas of concern and risk prioritization
- lower-risk violations can be corrected, self-logged, and penalties are minimized or eliminated
- reduction in number and breadth of audits
- provides a feedback loop to help improve/enhance existing governance documentation, internal controls, etc.
- facilitates self‐assessment of risk and compliance and allows matters to be corrected before they have a material impact on reliability
So how do you get in the game?
By assessing your compliance and operational risk, and establishing frameworks for internal risk management framework and internal controls.
Too busy working to keep the lights on?
It’s okay. AESI can help by assessing and developing a road map to mitigate, manage, and monitor compliance related risk for all applicable NERC Reliability Standards, Regional criteria, directives, or directories. We utilize industry best practices to establish:
- Risk factors/ risk criteria for Risk Elements Identification (REI)
- Inherent Risk Assessment (IRA)
- Annual Implementation Plan (AIP)
This ‘shift’ in how NERC monitors and enforces compliance will in-turn strengthen the reliability of the Grid—and really isn’t that where everyone’s focus should be? AESI’s practical understanding of day-to-day operations, reacting to an event and compliance, combined with strong Risk Management principles, provides you the pragmatic solutions that help you balance resources, budget and risk.