Compliance Assurance

AESI compliance assurance focuses on supporting the foundation of a good compliance program, promoting a culture of compliance and managing an organization’s risk. We assist organizations by identifying risks and closing gaps in compliance processes, documenting those processes that achieve and sustain compliance, implementing internal controls to monitor compliance, and utilizing software tools to reduce risk and the compliance burden.

  • Gap Assessments – Identify areas of risk and receive remediation recommendations plus actionable value. Identified risks are assigned a severity using a color-coded dashboard that gives the compliance and management team an at-a-glance review of the assessment results while providing real-time feedback regarding the organization’s compliance posture.
  • Regulatory Compliance Programs (RCPs) – Using a risk-based approach, AESI works with utilities of all sizes to design and implement their overall strategy and central tenets for an effective and sustainable RCP, establishing their organizational structure, and developing their compliance policies, procedures, internal controls, and training programs.
  • Policies, Plans & Procedures – Sustain a healthy compliance posture. AESI can create, review and update an organization’s compliance documentation framework to address the latest regulatory compliance obligations and the most current internal organizational processes to meet those obligations.
  • Internal Controls & Evaluation (ICE) – AESI performs ICEs to assess the effectiveness of an organization’s internal controls program towards the goal of achieving reasonable assurance that meets compliance objectives. We follow the NERC ERO enterprise guide when performing ICE to ensure consistency with regional ICE activities. Although written by NERC, this guide is based on broad industry best practices and is equally applicable to other regulatory frameworks and requirements. AESI also works with organizations to design, document and integrate internal controls into their compliance programs.
  • Cyber Vulnerability Assessment (CVA) – Receive a thorough and accurate cyber risk profile with a prioritized list of recommendations and action plans. AESI offers CVAs in alignment with industry cyber security standards such as NERC CIP, ISO 27001, NIST, and security best practices, leveraging structured and proven assessment methodologies.
  • Audit Preparedness – Mock Audits & Witness Preparation – AESI’s Mock Audit approach emulates the “true” audit process, conducted with greater rigor and detail than actual auditors. We utilize leading industry best practices to produce meaningful real-time feedback and easy-to-understand reports with practical and operationally viable recommendations for implementation. Independent of a Mock Audit, AESI also offers standalone Witness Preparation. We perform training, review actual RSAWs with staff and SMEs, pose interview questions, discuss and review responses, and provide valuable guidance. It is our goal to ensure that your team is well prepared for its next audit engagement.
  • Compliance Management Tools Assessment – Spanning the most basic of spreadsheets to the more complex Compliance Management Systems (CMS), AESI identifies pain points and makes recommendations for both existing and new compliance tools that will help achieve and sustain proactive compliance programs.