February 22, 2012

Posts Comments

You are here: Home / Archives for Bloggers / Trey Kirkpatrick

The Next Steps to Prepare for NERC’s FFT Reporting

October 17, 2011 By Leave a Comment

Vice President, Energy & Utilities Compliance, AssurX Inc.

To continue the discussion on NERC’s new compliance enforcement initiative – Find, Fix, Track and Report (FFT Report),  there are a couple important things to consider as this new process is implemented.

NERC and the Regional Entities (RE) will be watching and reviewing the registered entities on prompt self-reporting of the potential violation, risk associated with the discovered issue, and the mitigating activities; either ones completed or the tasks that are underway.  The Regional Entities will be assigning a unique tracking number for the self-reports as they do now.  What will now take place during their evaluation is the severity of the risk to BPS, and the time discovered by the registered entity to the time reported to the RE.  NERC and the Regional Entities still urge all registered entities to notify their region as soon as a possible violation is discovered.

Registered entities with a strong compliance program will identify the potential violation and investigate internally with the proper resources as quickly as possible.  They will take immediate corrective actions to mitigate the discovered issue.  The registered entity will enter the issue into their corrective action tracking system and disposition to appropriate individual/department.  Such tracking systems trend and categorize all level of issues to assist management with identification of trends and areas of improvement.  This might initiate an internal self-assessment or even a root cause evaluation if the level has been determined severe.

The initiative that was submitted to FERC on September 30, 2011, stated that the registered entity’s compliance program, mitigation and corrective action programs, internal controls and culture of compliance will have an impact on how the Regional Entities evaluate the potential violation.  Key elements to promote these internal behaviors within an organization are:

  • Effective identification
  • Objective self-assessments
  • Internal evaluations, tracking, fixing, and trending issues

Identification of even low-level issues can help prevent larger issues that could have a major impact on the BPS.  The proper environment that encourages employees to bring up and identify issues is an important step.  This can only be done if management fosters this environment and encourages and rewards employees for discovering issues.  Senior management that demonstrates this will be taking the proper steps for building a strong culture of compliance.

The next FFT Report blog post will discuss the importance of an internal self-assessment program looking at all aspects of a good compliance program to ensure that the registered entity build and maintain strong internal programs.

You can follow Trey on Twitter.

TwitterFacebookDiggDeliciousTechnorati FavoritesEmailPrintFriendlyShare
Filed Under: Electric Reliability, Trey Kirkpatrick Tagged With: , , , ,

Managing NERC’s new Compliance Enforcement Initiative: Find, Fix, Track and Reporting Implementation

October 3, 2011 By 1 Comment

Vice President, Energy & Utilities Compliance, AssurX Inc.

On September 30th, 2011, NERC filed a new version of the Compliance Enforcement Initiative.  This is something that NERC, the Regional Entities, and the registered entities have been working on for a long time.  The primary focus has always been ensuring reliability of the Bulk Power System.  The registered entities have spent a lot of time and resources on implementation of the NERC and regional standards.  With my experience on both the utility side and the regulated side, I have personally seen the time it can take to process minor violations through the existing enforcement process.

This new process will be a huge improvement on moving potential violations through the pipeline and letting the regulator and entities focus on the higher risk to reliability.  NERC released their press statement that summarizes the new initiative:

“Through this initiative, NERC is looking to treat matters based upon the risk associated with them,” said Gerry Cauley, president and chief executive officer at NERC. “By identifying, mitigating and resolving issues that do not pose a serious risk to the reliability of the bulk power system, more resources can be focused on violations that do pose a risk to the grid.”

The compliance initiative is comprised of three possible tracks: dismissal; find, fix, track and report; and notice of penalty. The dismissal and notice of penalty tracks remain as currently managed; however, the find, fix, track and report track identifies possible violations that are of lesser risk to the grid and allows registered entities to mitigate them with no penalty or sanction applied. The registered entity must provide a statement of completion of mitigation activities, which is subject to verification by the Regional Entity.

The new initiative is a paradigm shift in how issues are processed, and reflects a risk-informed approach that recognizes all possible violations are not equal and should not be treated in the same manner. By focusing resources on violations that have a serious risk to the reliability of the bulk power system, NERC is able to better fulfill its mission to ensure the reliability of the bulk power system of North America.

I have written in previous blog posts the importance of registered entities to have a strong Culture of Compliance, including senior management accountability, proper compliance support, and instituting an internal corrective action program.  Many of the larger utilities that have nuclear facilities have had this in place for many years.  The mid-size and smaller companies still are trying to manage compliance by spreadsheets.

With the new compliance initiative that allows potential violations to be internally identified and managed through the “Find, Fix. Track and Report (FFT Report)” will allow all entities to improve their internal compliance program.  With the proper procedures, training, and software system, the the registered entities can identify potential issues entered into the software system and take the appropriate internal actions.  Corrective actions can be assigned, implemented and tracked to completion.  The AssurX software has been used for years to track issues, store reports and documentation, trend similar issues so that management can take steps to improve performance.  Reports and dashboards are in place to be reviewed by the organization.

More importantly, registered entities are now going to have the opportunity to show the regulators that they have a strong compliance culture in place.  When the regulator comes in for spot checks or audits, the registered entity should take this opportunity to demonstrate that they have implemented a FFT Reporting process and that any information or trending can readily be available from their compliance software application.  Some regions are actually giving scores to entities on how their Culture of Compliance is compared to other entities.  AssurX has worked with our customers by consulting them on how to implement corrective action programs, track and trend identified issues.

NERC FFT

AssurX's solution already addresses NERC's new FFT Initiative

We have actually been working to prepare for the roll-out of the “Find, Fix, Track and Report” compliance initiative, and have developed a process specific to the FFT Report requirements such as adding risk calculations, repeatable offenses, and VRF/VSL as identified with a particular standard.  Contact us to find out more information on how AssurX can support your organization on not just monitoring standards, automating self-certifications, and managing evidence through document management; but to help build a strong Culture of Compliance and implement a robust FFT Reporting process.

You can also follow Trey on Twitter.

TwitterFacebookDiggDeliciousTechnorati FavoritesEmailPrintFriendlyShare
Filed Under: Electric Reliability, Regulatory, Risk Management, Trey Kirkpatrick Tagged With: , , ,

How to Handle NERC’s Risk-Based Reliability Compliance Monitoring

July 7, 2011 By Leave a Comment

Vice President, Energy & Utilities Compliance, AssurX Inc.

As the Electric Reliability Organization (ERO) enters it’s fourth year as a mandatory entity, NERC and the Regional Entities have been working with the registered entities, FERC, and other stakeholders to improve reliability.  One of the latest topics being discussed at reliability workshops and meetings is the implementation of Risk-Based Reliability Compliance Monitoring.  What does this mean to a registered entity and how best to prepare for this change?

NERC and the Regional Entities have gathered enough data over the last four years to start the assessment to develop a risk-based reliability program.  Many mature industries have adopted the same type of approach in the past.  NERC has started to identify the core set of critical reliability standards to be audited and what areas are most crucial for reliability.  NERC has also been working over the years to assist registered entities on how to build strong compliance programs and what it takes to implement a culture of compliance within an organization.

NERC has identified some of the criteria to start developing a Risk-Based Reliability program, they include:

  • NERC top 20 list of allegedly violated reliability standards
  • High Violation Risk Factor (VRF)
  • Violation Risk Index (VRI)
  • Past reliability events and major reliability issues
  • Input from Regional Entities; especially from the audit teams and enforcement groups
  • Assessment of registered entities compliance program and compliance culture

Some Regional Entities are developing their own Compliance Surveys that will be sent out to their registered entities.  AssurX Compliance Services division has developed a white-paper outlining some of the key issues an organization should focus on to build an internal culture of compliance.  As the ERO matures, more attention should focus on sharing lessons-learned from events, improving critical reliability standards, and how a registered entity mitigates identified issues.

We will be writing more about the Risk-based Reliability Compliance monitoring program in future weeks.  Review our white-paper and contact us if you have more questions.

TwitterFacebookDiggDeliciousTechnorati FavoritesEmailPrintFriendlyShare
Filed Under: Electric Reliability, Risk Management, Trey Kirkpatrick Tagged With: , ,

Taking a Utility From a Culture of Complacency to a Culture of Compliance

May 3, 2011 By 1 Comment

Vice President, Energy & Utilities Compliance

As the Electric Reliability Organization (ERO) continues to mature and provide leadership for electric reliability, there have been many changes over the last four years. One of the most recent NERC initiatives is working with the industry on reliability excellence with a risk-based approach. Gerry Cauley, President and CEO of NERC, has continuously emphasized the “Five Key Success Factors” for building a foundation of public trust. These five key success factors include:

  1. Risked based approach, with reliability performance measurably improving
  2. Reliability-learning, self-correcting industry
  3. Culture of compliance, enforcement backstop
  4. Commitment to security/resilience of grid
  5. Positive relationships and reputation

NERC and the Regional Entities will start conducting more reviews and assessments on registered entities regarding “Risk Based Compliance Monitoring.” All Regions are moving toward evaluations of internal compliance programs based on the FERC “13 questions” provided in the 2005 orders. Some Regional Entities are already sending surveys to their entities trying to learn more about the internal compliance culture in these organizations. They will be reviewing internal processes and procedures. They will also review such things as: the number of violations discovered via audits or investigations, repeat violations, number of mitigation plans, etc.

FERC Orders

Policy Statement on Enforcement Docket No. PL06-1-000, 113 FERC ¶ 61,068 (October 20, 2005)

Revised Policy Statement on Enforcement Docket No. PL08-3-000, 123 FERC ¶ 61,156 (May 18, 2008)

Policy Statement on Compliance Docket No. PL09-1-000,125 FERC ¶ 61,058 (October 16, 2008)

Policy Statement on Penalty Guidelines Docket No. PL10-4-000, 130 FERC ¶ 61,220 (March 18, 2010)  suspended on April 15, 2010

Revised Policy Statement on Penalty Guidelines Docket No. PL10-4-000,132 FERC ¶ 61,216 (October 17, 2010)

Many businesses in a regulated industry such as financial, life sciences, and nuclear industry have lived through these changes and have continuously improved their internal compliance and regulatory programs. Many have built strong Culture of Compliance programs. I have seen and been a part of some very strong Culture of Compliance programs. Some of the key elements of these programs are senior management involvement that provides strong leadership and holding individuals accountable. This is so important when implementing the critical elements of a Culture of Compliance.

Another important part of building a better compliance culture is establishing an organization that self-identifyies and self-corrects issues. One of the most important aspects of this internal initiative is implementing a robust corrective and preventive action (CAPA) program. Every individual in an organization must be trained on the process and tools of this program; management must continuously support the employees identifying issues; and preventative steps must be assigned and completed.

Corrective and Preventive Action (CAPA) Workflow

AssurX has developed a white paper on how to build the key elements of the “Culture of Compliance” program. Download your copy here to learn more.

You can also follow Trey on Twitter.

 

TwitterFacebookDiggDeliciousTechnorati FavoritesEmailPrintFriendlyShare
Filed Under: Electric Reliability, Featured, Quality Management, Regulatory, Trey Kirkpatrick Tagged With: , , , ,