Internal Compliance Program Review
Registrations: BA, DP, GO, GOP, PA, RP, TO, TOP, TP, TSP
This review focused on the Compliance Plan document and identified any gaps, best practices, or recommendations for improvement. While a documented Compliance Plan is not a NERC or region requirement, it plays a crucial role in demonstrating a culture of compliance and assuring regulators that compliance with the applicable standards and requirements is a high priority within the organization. A well-documented plan serves as the foundation for building effective and resilient programs.
HSI used the following steps for the Compliance Program Review:
- Reviewed roles and responsibilities for all parts of the organization relative to compliance
- Evaluated resources applied and ability to perform compliance-related work
- Established a summary of the current Compliance Program model
- Identified future compliance activities and programs based on NERC efforts to evaluate and improve Internal Compliance Programs (program maturity, internal controls, human performance)
- Surveyed SMEs, management, and front-line staff for compliance burden and possible efficiency improvements
- Reviewed skills/experience of front-line staff for compliance activities
- Compared program to industry practices and NERC’s definition of effective compliance programs
- Identified gaps in the program including detection, reporting, and mitigation
- Identified areas for program improvement
- Provided business case for any changes
- Provided a confidential report
This holistic 360 view of the client’s compliance program included a broad spectrum of employees whose understanding and views on their compliance program were as critical to compliance success as having a solid procedure, process, and plan.
On-site Compliance Support, Mock Audit
Regions: WECC, RFC
Registrations: BA, DP, GO, GOP, RP
Initially, the client requested a gap analysis of selected standards to evaluate their compliance position. The on-site review resulted in several recommendations to improve the strength of their compliance program and led to a managed compliance services contract and an assignment to provide a gap analysis on all remaining standards applicable to their registered functions and draft RSAWs. We then developed and revised procedures as necessary.
The gap analysis resulted in self-reporting several violations. Our team drafted self-reports and mitigation plans for client review and submittal to WECC. HSI continues to assist with identifying upcoming standards that may affect their registrations, responding to NERC alerts, and making periodic data submissions.
HSI provides a variety of staff augmentation services. We developed an operation manual, an onboarding document, an Internal Compliance Program, a Safety Manual, procedures, RSAWs, requests for proposals, and acquisition work plans. In addition, we review proposed operating agreements and evaluate compliance evidence. Our team assists with functional registration and coordinates and facilitates communication with regional compliance staff.
Our services include:
- Establish CIP Evaluation of Acquired Assets Procedure document
- Design Reliability Risk Assessment Procedure
- Develop Extremely Low Maintenance & Overhead (ELMO) Compliance Staffing, Outsourcing, and Budgeting Procedure
- Produce tracking procedure for leadership support
- Write annual employee review and goal-setting procedure
- Establish compliance training program document
- Create communications plan
- Develop program implementation plan
- Create compliance incentives, awards, and recognition policy document
- Design disciplinary action policy for compliance violations document
- Establish NERC Compliance Annual Self-Audit and Internal Report Program document
- Institute Self-Reporting of Possible Violations Procedure document
- Produce Off-Cycle ICP Modifications Procedure document
Our team identified and recommended a compliance software solution to manage the flow of compliance-related information and compliance tasks and hold easily accessible evidence for self-audit and Regional Entity audit preparation.
HSI is an integral part of the client’s mission and acts to directly support their compliance and operations efforts. We are the authority for the client in several critical areas including compliance and registration.
Gap Analysis, Ongoing Compliance Advisory Services, and NERC Compliance Training
For the Gap Analysis, HSI performed a systematic review and examination of compliance records and activities to identify gaps between the client’s current program and the applicable NERC and RF Reliability Standards. Our team drafted Standard Cover Sheets and RSAWs and recommended improvements to the quality or quantity of evidence presented.
As part of the ongoing compliance services, HSI performs an annual third-party internal audit to update the compliance program and identify areas for improvement. HSI supports the client in all compliance efforts, including:
- Compliance investigation, sport check, and self-certification support and preparation
- Alleged violation and self-reporting and mitigation plan support and preparation
- SME assistance – RSAW preparation support
- Periodic data submittal support
- Drafting and revising procedures
- NERC alert response assistance
- Internal Compliance Program draft
HSI helped respond to the RF self-guided audit which had zero findings or recommendations. Our team developed all RSAWs and revised and developed procedures as required to strengthen the client’s compliance position. We developed an Internal Compliance Program.