Internal Controls: Capitalizing on Embedded Processes

Internal Controls: Capitalizing on Embedded Processes

In the interest of shining some light into the dark corners of compliance processes, today’s issue is Internal Controls and how many entities have perfectly effective controls though they may not have been identified.

Within the labyrinth of dozens of mandatory reliability standards and hundreds of requirements in the world of NERC compliance, one of the most discussed and misunderstood features of the process is not mandatory at all. Unlike issues unique to the Bulk Electric System like voltage control, operating limits, and system operator training, internal controls are a common feature of nearly every industry and process where rules need to be followed.

In one sense, the requirements within the reliability standards are numbingly simple. One must either have a procedure to do something and/or evidence one did something. What those “somethings” are can be quite detailed, but the basic process of compliance is simple.

NERC guidance delineates three types of controls for helping assure the actions required to maintain electric system reliability are followed. They are: Preventive, Detective, and Corrective controls. These steps point to eliminating, to the extent possible, errors of omission or commission.

Like a lot of things, there is a continuum of approaches to controls for adherence to the reliability standards. Some entities begin with and stay with the basics, maintaining they have procedures for fulfilling their compliance responsibilities, and as such they are done. Period. On the other end are dedicated teams, internal processes, working groups, and stand-alone manuals. The creation, tracking, dissemination, maintenance, and testing of controls is laid out in exhausting detail and becomes a kind of cottage industry within the organization, often working hand in hand with the internal audit group.

A robust and logical compliance program has an infinite number of ways to address controls. A review and cataloging of current practices are excellent ways to assemble the basic structure of a controls function. Time and again we have found, to their surprise, many entities have perfectly effective controls already in place.

These include:

Ultimately, Registered Entities should do what works for them based on their size, tools, and risk to the Bulk Electric System. There is no one-size-fits-all for a controls program. Do what works and be flexible if you find out something works better.

Close Menu