2014 Integrated Internal Control Plan. FRCC Compliance Workshop May 13-15, 2014
1 2014 Integrated Internal Control Plan FRCC Compliance Workshop
2 Contents
- Definitions
- Integrated Components of COSO Internal Control Framework
- The COSO Internal Control Framework and Seminole
- Control Environment
- Risk Assessment
- Control Activities
- Information and Communication
- Monitoring Activities
- Effective Internal Control: Present and Functioning
- Summary
3 Questions
- Why use an Internal Control Framework?
- What are the Framework components?
- How do we know that an internal control program is Present and Functioning?
4 Introduction
- Basis of Seminole's 2014 Integrated Control Plan
  - The Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control - Integrated Framework, 2013 version
  - Provides direction for formation, implementation, and maintenance of an internal control program
  - Enables organizations to effectively and efficiently develop and maintain systems of internal control
  - Enhances likelihood of achieving entity objectives and of adapting to changes in business and operating environments
5 Introduction
- NERC Reliability Assurance Initiative (RAI)
  - Purpose: Identify and implement, where appropriate, changes that enhance effectiveness of NERC CMEP
  - Goal: Establishment of a risk-based compliance monitoring policy and a mature CMEP by 2016
  - Benefit: Move away from zero-defect compliance audits
- Seminole Internal Control Plan formalizes NERC RAI
  - Current NERC RAI compliance principles
  - Risk management framework
  - Internal control best practices
- Goal: To complete implementation of internal control plan by end 2014
  - Be audit-ready under RAI for 2015 CIP and O&P audits
6 Definitions
- Internal Control (in context of NERC compliance)
  - A method, effected by Seminole's Board of Trustees, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives relating to operations, reporting, and compliance
- Framework (from Merriam-Webster)
  - The basic structure of something; a set of ideas or facts that provide support for something
7 Integrated Components of COSO Framework
- Principles-based approach to internal control composed of five integrated components
[Diagram labels: Control Environment; Monitoring; Optimal Internal Control; Risk Assessment; Information and Communication; Control Activities]
FRCC Spring Compliance Workshop April 8-10,
8 Integrated Components of COSO Framework
- Control Environment
  - Standards, processes, management support, structure providing the basis for carrying out internal control
- Risk Assessment
  - Dynamic, iterative process for identifying and assessing risks to the BES and the achievement of compliance objectives
- Control Activities
  - Actions using technology, people, policies, and procedures that ensure the implementation of management directives to mitigate risks and achieve compliance
9 Integrated Components of COSO Framework
- Information and Communication
  - Essential to carry out internal control
  - Generates & uses relevant high quality information
  - Both internal and external sources support the internal control function
- Monitoring Activities
  - Both ongoing and periodic evaluation types
  - Determine whether each internal control is present, functioning, and integrative
  - Evaluations, built into business processes and work teams, provide timely information as feedback
10 The Internal Control Environment
For Seminole's management and the Board of Trustees, the COSO Framework provides the following:
- Consistent way to apply risk-based internal control to Seminole
- Control of Controls
- Principles-based approach provides flexibility and allows judgment in designing, implementing, and conducting the internal controls
  - Define the requirements for an internal control system
  - Identify and analyze risks
  - Develop and manage appropriate responses to risks
  - Eliminate ineffective or inefficient controls that provide minimal value in reducing risks
- Eliminate: Redundancy destroys efficiency
11 The Internal Control Environment
- Definition: A set of standards, processes, management support, and structures providing basis for carrying out internal control across Seminole
- Board of Trustees and senior management establish tone at the top
  - Establish importance of internal control, including expected standards of conduct, with management reinforcement at various levels within Seminole
- Comprises several aspects
  - Integrity and ethical values
  - Parameters that enable Board of Trustees to carry out governance oversight
  - Organizational structure - authority and responsibility
  - Process for attracting, developing, and retaining competent individuals
  - Rigor surrounding performance measures, incentives, and rewards
  - Drive accountability for performance
12 Integrated Components of COSO Framework
[Diagram: ENTERPRISE COMPLIANCE RISK MANAGEMENT ENVIRONMENT, SUPPORT AND MISSION, with numbered elements]
1. NERC STANDARD
2. COMPLIANCE DOCUMENT MASTER INTERNAL CONTROL (CORPORATE COMPLIANCE)
3. PROCEDURES, PLANS PRACTICES, GUIDES, WORK INSTRUCTIONS (DOCUMENTED INTERNAL CONTROLS) (CORPORATE / DEPARTMENTS)
4. WORK ACTIVITIES, FUNCTIONS, TASKS
5. WORK ACTIVITIES, FUNCTIONS, TASKS: UNWANTED EVENT
6. EVENT REVIEW AND ROOT CAUSE ANALYSIS INTERNAL CONTROL
7. ALL STANDARD AND REQUIREMENT-SPECIFIC INTERNAL CONTROLS
8. INTERNAL CONTROL IMPLEMENTATION, MONITORING, ANALYSIS AND EVALUATION SYSTEM (CONTROL OF CONTROLS) EXAMPLE: Role of Internal Controls Committee to review, analyze and evaluate.
9. HUMAN ERROR PREVENTION INTERNAL CONTROL
10. SITUATIONAL AWARENESS INTERNAL CONTROL
11. TRAINING PROGRAM INTERNAL CONTROL
12. ENTITY, ERO, RRO EXPERIENCE AND FEEDBACK
13. RSAW AUDIT NOTES AND ALL OTHER COMPLIANCE GUIDANCE
13 Control Environment
- Control environment is governed by support from the top
- Establish comprehensive, board-approved Enterprise Risk & Compliance Policy
  - Provide high-level direction for compliance and internal control activities
- Develop broadly representative advisory Internal Controls Committee as a periodic training and learning opportunity
  - Includes compliance stakeholders, including Corporate Compliance and Departmental compliance coordinators
  - Annual or semi-annual meetings - Employee Information Meetings or Lunch and Learn presentations
  - Presented using our Compliance Metric Dashboard
- Resulting control environment has a pervasive, enabling impact on overall system of internal control
14 Risk Assessment
- Definition: A dynamic and iterative process for identifying and assessing risks to the achievement of compliance objectives
  - Risks are relative to established risk tolerances
  - Risk assessment forms the basis for determining how risks will be managed
- Precondition to risk assessment: establishment of objectives
  - Management specifies compliance objectives to enable identification and analysis of risks
  - Management must consider how internal and external changes may cause internal control to be weak or ineffective
15 Risk Assessment
Three categories of Risk severity
- Low Risk: Reserved for standard requirements with the least risk
- Frequency of review: Annually. As a minimum internal control, this level should require at least annual compliance reviews
- Criteria
  - Violation or potential violation in previous audit, but mitigation is satisfactory with very little chance of recurrence
  - New standard or requirement
  - Developed, effective and verified internal controls
  - Risk reduction - from High or Medium Risk
16 Risk Assessment
- Medium Risk: Reserved for more exceptional standard requirements where Seminole has low familiarity, demonstrated a control or compliance weakness, or the standard has a high violation profile in the industry
- Frequency of Review: Semi-annual compliance reviews
- Criteria
  - New or significantly revised standard within the last audit period
  - Violation in previous audit
  - Potential violation in previous audit (Dismissed or FFT)
  - Undeveloped or Ineffective internal controls
  - Internal control failure, e.g., identified by event review
  - Identified compliance degradation or improvement - moved from High or Low Risk
17 Risk Assessment
- High Risk: Reserved for the most exceptional standard requirements that might include a record of Seminole violation in a previous audit or as a result of internal control analyses indicating a weak internal control framework, thereby increasing risk to the BES
- Frequency of Review: Quarterly. The increased check-point periodicity augments in-depth review, but also guides Seminole into a higher degree of assurance that it can comply with the standard requirements
- Criteria
  - New, or significantly revised, standard within the last audit period
  - Violation in previous audit
  - Potential violation in previous audit (Dismissed or FFT)
  - No internal controls
  - Undeveloped or Ineffective internal controls
  - Internal control failure, e.g., identified by event review
18 Risk Assessment
Relationship between Risk Assessment and Internal Controls
[Diagram labels, Risk Assessment Approach and Results: indicative directive consistent prioritizing iterative defining risk objective independent]
[Diagram labels, Internal Controls: identified responsive coordinated systematic method dynamic mitigating risk objective dependent]
19 Control Activities
- Definition: Actions established through technology, people, policies, and procedures that help ensure the implementation of management directives to mitigate risks (achieve compliance objectives)
- May encompass a range of manual and automated activities
  - Compliance reviews
  - Authorizations and approvals
  - Verifications
  - Reconciliations
  - Process performance reviews
20 Control Activities
Three types of controls
- Preventive
- Detective
- Corrective
21 Control Activities
- Preventive Control
  - Proactive control designed to discourage noncompliance with Reliability Standards
- Example: Documented process requiring development and maintenance of training schedule
  - Process would include all required training, and would be scheduled to ensure completion prior to dates required by the applicable reliability standard
  - May be implemented by use of automated training tracking tool (notifies individual of scheduled training, reminds them to complete training, and notifies management to take action if training is not completed prior to the deadline)
22 Control Activities
- Detective Control
  - Designed to find errors or irregularities and support effective compliance
- Example: Documented process requiring periodic review to identify any required training not completed as scheduled, as well as training not completed per reliability standard requirements
  - Quarterly review of completed training records to identify individuals who have not completed training by the required deadline
  - Documentation and utilization of an event review and root cause analysis process to determine cause and effects surrounding an unwanted event
23 Implementing Preventive and Detective Controls
24 Control Activities
- Corrective Control
  - Designed to assess instances of noncompliance and return to a state of compliance
- Example: Automation of an Automatic Voltage Regulator (AVR) status indication
  - Would cause an alarm in the Transmission Operator's Control Center indicating an AVR status change from Automatic to Manual on a particular generating unit
  - Would provide notification to the TOP of an AVR status change within 30 minutes as required by VAR
25 Information and Communication
- Information is essential to carry out internal control responsibilities
  - Management obtains or generates, and uses, relevant and quality information from both internal and external sources to support the functioning of other components of internal control
- Communication is the continual, iterative process of providing, sharing, and obtaining necessary information
  - Internal: Enables personnel to receive clear message from senior management that control responsibilities must be taken seriously
  - External: Enables inbound communication of relevant external information; also provides information to external parties in response to requirements and expectations
26 Information and Communication
Enhancing information and communication
- Periodic evaluations of Seminole
- Corporate Compliance Department solicits feedback from compliance and internal control stakeholders within Seminole
- Information gained from training, combined with results of evaluations, adds substance to periodic self-assessments and potential corrective action plans
- Builds on components of Compliance Program Assessment Worksheet (CPAW)
27 Monitoring Activities
- Definition: Ongoing, periodic, or a combination of evaluation types used to determine whether each component of internal control is present, functioning, and integrative
- Ongoing internal control evaluations, built into business processes and work teams at different levels of Seminole, provide timely information as feedback
- Periodic evaluations
  - Vary in scope and frequency depending on assessment of risks, effectiveness of ongoing evaluations, and other management considerations
- Results
  - Evaluate findings against criteria established by Corporate Compliance Department, management, and Board of Trustees
  - Communicate deficiencies to management / Board of Trustees as appropriate
28 Monitoring Activities
- Accomplish internal control monitoring through a standing Internal Controls Committee
  - Review internal control program, processes, and outcomes every quarter (formally and continuously)
  - Identify what works and where potential gaps might exist within the five integrated components
  - Encourage informal feedback from management and subject matter experts
- Perform planned and periodic compliance reviews of NERC standard requirements
  - Determine compliance with reliability standards
  - Evaluate effectiveness of primary internal controls applied to each requirement
29 Monitoring Activities
- Develop a high-level document summarizing risk and controls
- Contains information for each reliability-related process
  - Applicable NERC standard
  - Description of risks and associated controls
  - Description of plans for testing controls
30 Monitoring Activities
[Table column headers: Process ID; Residual Risk (L, M, H); Control Type (Preventive, Detective, Corrective); Control Function (Manual, Automatic); Frequency (Continuous, Periodic); Date Due; Date Performed; Reliability-Related Process; Applicable NERC Standards; Risk Descriptions; Control Descriptions; Test Plans; Test Assignment and Activity Record]
CC--02
CIP Training
CIP (Cyber Security Personnel and Training), R2.2, R2.3;
1.0 Training considered inadequate to cover required topics.
1.1 Review by Manager of Compliance using checklist
L P M P
Annual review of guideline providing materials for manager to review prior to approving training
Scheduled Periodic Review to verify completion of training materials, development and review.
CIP Program Advisor
2.0 Failure to identify proper personnel scheduled to receive annual training
2.1 Automated list of personnel requiring training manually peer-review by CIP Program Advisor or Manager of Compliance
L P M P
Scheduled periodic Review to verify completion peer-review.
CIP Program Advisor
3.0 Failure of all required personnel to complete required training
3.1 Training department verifies all personnel scheduled for training using automated tools within training tool
L P A C
Testing provided in summary by test plan
Final review of personnel trained using list of personnel requiring training, not planned training list
H D M
Scheduled periodic Review to verify the final review of training has occurred.
CIP Program Advisor
31 Monitoring Activities
Identifying processes, risks, controls, and refinement
[Diagram labels: Business Need (e.g., Practice, Procedure); Business Process Workflow; Risk Assessment; Internal Controls; NERC Standard Requirements; Audit Approach; Mature Workflow; Compliance Document (e.g. Memo); Why we pass]
32 Effective Internal Control: Present and Functioning
- Effective system of internal control reduces, to an acceptable level, the risk of not achieving a Seminole compliance objective
- Each of the five components and relevant principles of internal control must be present and functioning
  - Present: components and relevant principles exist in the design and implementation of the system of internal control
  - Functioning: components and relevant principles continue to exist in the operations and conduct of the system of internal control
- The five components of internal control operate together in an integrated and integrative manner
33 Effective Internal Control: Present and Functioning
- COSO Framework requires judgment
  - Designing, implementing, and conducting internal control and assessing its effectiveness
  - Use of judgment, within legal and regulatory boundaries, enhances management's ability to make better decisions about internal control
  - Judgment cannot guarantee perfect outcomes
34 Summary of Seminole's Internal Control Plan
- Based on COSO
- Implements NERC RAI
- Implements the five integrated components of COSO and internal control
  - Control Environment
  - Risk Assessment (High, Medium, Low levels of risk severity)
  - Control Activities (Preventive, Detective, Corrective)
  - Information and Communication
  - Monitoring Activities
- Goal: To complete implementation of internal control plan by end 2014
  - Be audit-ready under RAI for 2015 CIP and O&P audits
35 Links to additional resources
- NERC RAI Site
- The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
- COSO Internal Control Executive Summary
36 Questions?
More informationFraud Risk Management
Fraud Risk Management Fraud Risk Management Overview 2017 Association of Certified Fraud Examiners, Inc. Discussion Questions 1. Does your organization follow a specific risk management model? If so, which
More informationFEDERAL ENERGY REGULATORY COMMISSION DOCKET NO. RR14- NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION
FEDERAL ENERGY REGULATORY COMMISSION DOCKET NO. RR14- NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION DRAFT FIVE-YEAR ELECTRIC RELIABILITY ORGANIZATION PERFORMANCE ASSESSMENT REPORT OVERVIEW OF NERC ACTIVITIES
More informationInternal Audit Report
Internal Audit Report Contract Risk Assessment and Management TxDOT Internal Audit Division Objective To determine if contracting practices ensure adequate risk assessment input, review, and management.
More informationStandards for Internal Control in New York State Government 2016 Update
Standards for Internal Control in New York State Government 2016 Update Presented to the New York State Internal Control Association John F. Buyce Audit Director April 28, 2016 1 Last Revised in 2007 A
More informationOperationalizing Internal Controls
Operationalizing Internal Controls Terry Bilke MISO MRO Representative on the NERC Compliance and Certification Committee (CCC) MRO s 2017 CMEP Conference November 28, 2017 Agenda Quick survey NERC CCC
More informationAssessment of the Design Effectiveness of Entity Level Controls. Office of the Chief Audit Executive
Assessment of the Design Effectiveness of Entity Level Controls Office of the Chief Audit Executive February 2017 Cette publication est également disponible en français. This publication is available in
More informationCentral Florida Expressway Authority
Central Florida Expressway Authority 2013 COSO Framework Governance Review June 3, 2015 2015 Protiviti Inc. All Rights Reserved. This document has been prepared for use by OOCEA s management, audit committee,
More informationEnterprise Risk Management Program Development Update. Finance & Audit Committee Meeting September 25, 2015
Enterprise Risk Management Program Development Update Finance & Audit Committee Meeting September 25, 2015 Enterprise Risk Management Presentation Topics Enterprise Risk Management ( ERM ) Overview Lead
More informationReliability Assurance Initiative Implementation Status
MIDWEST RELIABILITY ORGANIZATION Risk-Based Compliance Monitoring and Enforcement Reliability Assurance Initiative Implementation Status MRO Board of Directors Meeting October 5, 2016 Improving RELIABILITY
More informationA COMPLIANCE SOLUTION DESIGNED TO HELP PLANS MEET CMS REQUIREMENTS
A COMPLIANCE SOLUTION DESIGNED TO HELP PLANS MEET CMS REQUIREMENTS Founded on the Common Conditions, Improvement Strategies, and Best Practices based on 2013 Program Audit Reviews HPMS memo, dated August
More informationInformal Consultation on Oversight Matters. September 2017
1 Informal Consultation on Oversight Matters September 2017 Agenda Enterprise Risk Management & Internal Controls overview Proactive Integrity Reviews update Office of the Inspector- General update 2 3
More information2013 New COSO 2013 Framework and Current Trends in Risk Management
2013 New COSO 2013 Framework and Current Trends in Risk Management Session 105 IASA 86 TH ANNUAL EDUCATIONAL CONFERENCE & BUSINESS SHOW Agenda COSO 2013 framework Overview Why the update? What has been
More informationReliability Assurance Initiative ATC s Participation as a MRO Pilot
Reliability Assurance Initiative ATC s Participation as a MRO Pilot Doug Johnson Manager of Operational Compliance American Transmission Company LLC (ATC) atcllc.com MRO Pilot Project American Transmission
More informationPresent and functioning: Fine-tuning your ICFR using the COSO update
Present and functioning: Fine-tuning your ICFR using the COSO update November 2014 With the COSO s 1992 Control Framework being superseded by the 2013 updated edition on December 15, 2014, now is the time
More informationIn 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued a
Checkpoint Contents Accounting, Audit & Corporate Finance Library Editorial Materials Audit and Attest Internal Control Communications Chapter 1 INTRODUCTION AND OVERVIEW 100 Background 100 Background
More informationStandards Committee Strategic Work Plan
2016-2018 Standards Committee Strategic Work Plan I. Introduction The 2016-2018 Standards Committee (SC) Strategic Work Plan (Plan) is a continuation of the 2015-2017 Strategic Plan in that it also reinforces
More informationCompliance Operations Draft Reliability Standard Compliance Guidance for PER July 1, 2013
Compliance Operations July 1, 2013 Introduction The NERC Compliance department (Compliance) worked with the PER-005 informal ad hoc group (PER Group) in a review of pro forma standard PER-005-2. The purpose
More informationExecutive Summary THE OFFICE OF THE INTERNAL AUDITOR. Internal Audit Update
1 Page THE OFFICE OF THE INTERNAL AUDITOR The Office of Internal Audit focuses its attention on areas where it can contribute the most by working with the organization to reduce risk and increase operational
More informationPART THREE: Work Plan and IV&V Methodology (RFP 5.3.3)
PART THREE: Work Plan and IV&V Methodology (RFP 5.3.3) 3.1 IV&V Methodology and Work Plan 3.1.1 NTT DATA IV&V Framework We believe that successful IV&V is more than just verification that the processes
More informationUNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION ) )
UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION North American Electric Reliability Corporation ) ) Docket Nos. RM05-17-000 RM05-25-000 RM06-16-000 NORTH AMERICAN ELECTRIC RELIABILITY
More informationQuality Assurance / Quality Control Plan
Quality Assurance / Quality Control Plan Table of Contents MANAGEMENT APPROACH... 3 SUBCONTRACT MANAGEMENT... 3 QUALITY MANAGEMENT APPROACH... 3 METHODOLOGY... 4 CONCEPT OF OPERATIONS... 5 QUALITY MANAGEMENT
More information9. Internal control Internal control, as defined in accounting and auditing, is a process for assuring achievement of an organization's objectives in
9. Internal control Internal control, as defined in accounting and auditing, is a process for assuring achievement of an organization's objectives in operational effectiveness and efficiency, reliable
More informationQ ERO Enterprise Compliance Monitoring and Enforcement Program Report
Q1 2018 ERO Enterprise Compliance Monitoring and Enforcement Program Report May 9, 2018 NERC Report Title Report Date I Table of Contents Preface... iii Executive Summary... iv Chapter 1: CMEP Activities...1
More informationCORROSION MANAGEMENT MATURITY MODEL
CORROSION MANAGEMENT MATURITY MODEL CMMM Model Definition AUTHOR Jeff Varney Executive Director APQC Page 1 of 35 TABLE OF CONTENTS OVERVIEW... 5 I. INTRODUCTION... 6 1.1 The Need... 6 1.2 The Corrosion
More informationCOSO Internal Control Integrated Framework Proposed Update
COSO Internal Control Integrated Framework Proposed Update Presented by: Dustin Birashk September 20, 2012 1 DISCLOSURE STATEMENT The material appearing in this presentation is for informational purposes
More informationCompany LOGO C B T. An Educational Computer Based Training Program
C B T An Educational Computer Based Training Program The University of Texas at Dallas Compliance Training Effectively Controlling Risks Company Effectively Controlling Risks What is the purpose of this
More informationDeveloping an Integrated Anti-Fraud, Compliance, and Ethics Program
Developing an Integrated Anti-Fraud, Compliance, and Ethics Program Introduction Eric Feldman, CFE, CIG Affiliated Monitors, Inc. 2018 Association of Certified Fraud Examiners, Inc. CPE Information 2018
More informationCancer Prevention & Research Institute of Texas. IA # Internal Audit Report over Communication Report Date: April 30, 2018 Issued: May 25, 2018
IA # 04-18 Internal Audit Report over Communication Report Date: Issued: May 25, 2018 C O N T E N T S Page Internal Audit Report Transmittal Letter To The Oversight Committee.... 1 Background... 2 Audit
More informationCharter for Enterprise Risk Management
for Enterprise Risk Management Prepared by: Shannon Sinclair Version: 1.2 Document Id: Date: Release Date TABLE OF CONTENTS TABLE OF CONTENTS... i 1. Background... 1 2. Objectives... 1 3. Scope... 2 3.1
More information716 West Ave Austin, TX USA
FRAUD-RELATED INTERNAL CONTROLS GLOBAL Headquarters the gregor building 716 West Ave Austin, TX 78701-2727 USA Figure 2.1 COSO defines an internal control as a process, effected by an entity s board of
More informationWelcome! NERC 2016 Standards and Compliance Workshop Hyatt Regency St. Louis at The Arch. July 12-14, 2016
Welcome! NERC 2016 Standards and Compliance Workshop Hyatt Regency St. Louis at The Arch July 12-14, 2016 NERC Antitrust Compliance Guidelines It is NERC s policy and practice to obey the antitrust laws
More informationPOLICY. Number: Title: Internal Control Responsible Office: USF System Audit I. PURPOSE AND INTENT
1 2 3 USF System USF USFSP USFSM POLICY 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 Number: 0-023 Title: Internal Control Responsible Office:
More informationInternal Audit and SOX Best Practices
Internal Audit and SOX Best Practices ERIC LISTER RISK ADVISORY SERVICES Agenda Internal Audit Procedures and Examples SOX 404 Procedures and Examples Questions and Discussion Overview of IA Best Practices
More informationInternal Audit Report. Toll Operations: FHWA Reporting TxDOT Office of Internal Audit
Internal Audit Report Toll Operations: FHWA Reporting TxDOT Office of Internal Audit Objective To determine whether Toll Operations Division (TOD) is providing federally required reporting to the Federal
More informationRisk Management and Internal Control Report
Risk Management and Internal Control Report Responsibility Responsibility for risk management is shared among the Board of Directors and the management of the Group. The Board has the overall responsibility
More informationPolicy and Procedures Date: November 5, 2017
Virginia Polytechnic Institute and State University No. 3350 Rev.: 8 Policy and Procedures Date: November 5, 2017 Subject: Charter for the Office of Audit, Risk, and Compliance 1. Purpose... 1 2. Policy...
More informationSuccessful ERM Program Standards. Definitions of Enterprise Risk Management (ERM)
1 Successful ERM Program Standards Enterprise Risk Management Vendor Management Business Continuity IT GRC Internal Audit Regulatory Compliance Manager William C. Hord V.P. of Enterprise Risk Management
More informationInternal Control Systems
Internal Control Systems What are Internal Controls? Internal Controls are a set of rules, policies, and procedures a municipality can implement to provide reasonable assurances that: its financial reports
More informationTxDOT Internal Audit Follow-Up Report Tuition Assistance Program
Follow-Up Report Tuition Assistance Program Objective Assess the status of corrective actions for high risk Management Action Plans (MAPs) previously communicated in Tuition Assistance Program (TAP) Audit
More informationAUDITING. Auditing PAGE 1
AUDITING Auditing 1. Professionalism The International Professional Practices Framework (IPPF) is the conceptual framework that organizes authoritative guidance promulgated by The Institute of Internal
More informationStrengthening Your Enterprise Risk Management Process
Strengthening Your Enterprise Risk Management Process Belinda Mumma, Senior Consultant, Enterprise Risk Management Services bmumma@sollievo.com (866) 605-5664 x3400 Discussion Topics Definition of Enterprise
More informationFRCC s Enforcement and More! (Revised with Information from the 2/19/15 FERC Order on RAI) FRCC Webinar
FRCC s Enforcement and More! (Revised with Information from the 2/19/15 FERC Order on RAI) FRCC Webinar February 19 & 26, 2015 Ground Rules All participants have been muted upon sign-on Please keep your
More informationTABLE OF CONTENTS 1.0 INTRODUCTION...
Advisory Circular Subject: Quality Assurance Programs Issuing Office: Civil Aviation, Standards Document No.: AC QUA-001 File Classification No.: Z 5000-34 Issue No.: 01 RDIMS No.: 9376810-V14 Effective
More information