Draft Minutes Finance and Audit Committee Conference Call

Transcription

1 Draft Minutes Finance and Audit Committee Conference Call February 9, 2011 Conference Call Chair Fred Gorbet convened a duly-noticed open meeting by conference call of the Finance and Audit Committee (FAC) of the North American Electric Reliability Corporation on Februay 9, 2011 at 1:00 p.m. ET. As required by the bylaws of the Corporation, dial-in access was provided to members of the Corporation and the public for the meeting. The meeting agenda is attached as Exhibit A. Trustees present on the call in addition to Chair Gorbet were committee members Janice Case, Vicky Bailey, David Goulding, and Bruce Scherr. Board of Trustees Chair John Anderson, as well as Trustees Tom Berry and Gerry Cauley were also present. NERC staff participants included David Cook, Michael Walker, Susan Turpen, and Tina McClellan. Additional attendees are listed in Exhibit B. Antitrust Compliance Guidelines Chair Gorbet directed the participants attention to the NERC Antitrust Compliance Guidelines. Consent Agenda On motion by Trustee Bruce Scherr the minutes of January 24, 2011 and October 28, 2010 were approved. Unaudited 2010 NERC and Regional Entities Statement of Activities Michael Walker, senior vice president and chief financial and administrative officer, and Susan Turpen, Controller, reviewed the Unaudited 2010 NERC and Regional Entities Statement of Activities noting that NERC and all of the Regional Entities were under budget for the year ended December 31, Mr. Walker further reviewed the variance analysis and Chair Gorbet advised that Regional staff were on the call and opened for comments on any specific variances in their areas. After discussion by members and Regional Staff and on motion by Dave Goulding the committee agreed to recommend the Unaudited 2010 NERC and Regional Entities Statement of Activities to the Board of Trustees for acceptance Village Blvd. Princeton, NJ

2 Schedule for Preparation and Filing of 2012 Business Plan and Budget Chair Gorbet reviewed the schedule for the preparation and filing of the 2012 Business Plan and Budget. Chair Gorbet recommended in lieu of a call on April 19, 2011 that a call be scheduled for the first week in May followed by an additional call the first week in June provide feedback on the Regional Entity drafts. It was decided that the exact dates for these meetings would be confirmed with committee and then posted as an update to the schedule. Three-Year Business Plan Goals President and CEO Gerry Cauley presented the Electric Reliability Organization Strategic Goals through Mr. Cauley highlighted the ERO s Vision, the seven goals, and their objectives. The document is attached here as Exhibit C. Finance and Audit Committee Self-Assessment Results Chair Gorbet reviewed the Finance and Audit Committee Self-Assessment Results for 2010 noting positive items and areas of improvement. Chair Gorbet also addressed the need to update and streamline the committee mandate and requested that management prepare a draft for review by the committee at the May 2011 meeting. Internal Controls Initiative Mr. Walker stated NERC s finance and accounting staff is finalizing a draft of an internal controls policy and procedures document, which it will provide to NERC s accounting firm, WeiserMazars LLP for review and feedback and that a draft will be submitted to the Finance and Audit Committee for review at its May 2011 meeting. Risk Management Framework Chair Gorbet and Michael Walker provided an overview of a proposed ERO Risk Management framework, A discussion then ensued regarding the scope of the proposed framework and costs. Thereafter management was instructed to undertake further revisions and report back to the committee with a further update at their May Office Relocations (Atlanta and Washington, DC) Mr. Walker provided an overview of NERC s office relocations noting both are progressing per scheduled timelines. Finance and Audit Committee DRAFT Conference Call Minutes February 9, 2011

3 Future Meetings Chair Gorbet reviewed the future meetings noting the closed session of April 8 in Washington, DC and reminding the committee of future calls to be scheduled in May and June regarding the NERC and Regional Entity business plans and budgets, respectively. Other Business Chair Gorbet and Michael Walker discussed the review of the external auditors and that an external auditor evaluation questionnaire is in progress and will be presented for review to the committee at a future meeting with the goal of being ready for use in There being no further business, the meeting ended at 2:15 p.m. Submitted by, Michael Walker Chief Financial and Administrative Officer Finance and Audit Committee DRAFT Conference Call Minutes February 9, 2011

4 Agenda Finance and Audit Committee Conference Call February 9, :00 2:00 p.m. ET Dial-In: No Code Needed Introductions and Chair s Remarks NERC Antitrust Compliance Guidelines 1. Minutes Approve* a. January 24, 2011 Conference Call b. October 28, 2010 Meeting 2. First Quarter Calendar of FAC Responsibilities Review/Approve* a. Review Unaudited 2010 NERC and Regional Entities Statement of Activities b. Review and approve schedule for preparation and filing of 2012 Business Plan and Budget c. Three-Year Business Plan Goals 3. Review Finance and Audit Committee Self-Assessment Results* 4. Update on Internal Controls Initiative* 5. Update on Risk Management Internal Audit Initiative* 6. Update on Office Relocations (Atlanta and Washington, DC)* 7. Future Meetings a. May 10, 2011 Washington, DC *Background material included Village Blvd. Princeton, NJ

5 Finance and Audit Committee Conference Call Reservation Number: Reservation Date/Time: Chair Person: TINA MCCLELLAN Total Number of Lines: 26 Company Name: N AMER ELECTRIC RELIABILITY CORP First Name Last Name Company 26 Alice Wright 1 John Anderson BOT 2 Vicky Bailey BOT 4 Thomas Berry BOT 5 Janice Case BOT 10 Fred Gorbet BOT 11 David Goulding BOT 23 Bruce Scherr BOT 13 Travis Johnson Federal Energy Regulatory Comm 18 Robert Martinko First Energy 24 Clay Smith Georgia System Operators Corp 7 Sue Clarke M R O 15 Heidi Lewis N P C C 14 Tricia Kritzberg N/A 17 Jennifer Mariello N/A 19 Reva Maskowitz N/A 25 Michael Walker NERC 20 Tina Mclellan NERC 6 Gerry Cauley NERC 9 Tim Gallagher Reliability First 16 Jill Lewton Reliability First 22 Ray Palmieri ReliabilityFirst 3 Kevin Berent SERC Reliability Corp 12 Scott Henry SERC Reliability Corp 8 Tim Friel 21 Mary Agnes Nimis

6 11 13:00 ETN

7 Electric Reliability Organization Strategic Goals through 2015 A Collaborative Planning Initiative Prepared by NERC and Regional Entities February 2, 2011 Draft

8 Electric Reliability Organization Vision The Electric Reliability Organization (ERO) will be the trusted leader that ensures and strives to continuously improve the reliability of the bulk power system in North America. The ERO comprises the North American Electric Reliability Corporation (NERC), eight Regional Entities 1, and participating reliability stakeholders 2. The ERO s span of responsibility includes the continental United States and Canada and the northern portion of Baja California, Mexico. The ERO will achieve this vision by carrying out the following mission: Developing clear, mandatory reliability standards that establish threshold requirements for ensuring the bulk power system is planned, designed, operated, and maintained in a manner that minimizes risks of cascading failures, damage to equipment, or significant interruptions of bulk power supply. Promoting a culture of reliability excellence by facilitating a learning environment in the industry that continuously seeks reliability performance improvement through event causal analysis, communication of lessons learned, tracking of recommendations, and implementation of best practices. Being a risk-informed organization, identifying and understanding reliability risks, helping industry manage those risks, and effectively prioritizing ERO activities and reliability initiatives based on reliability impacts. Promoting a culture of compliance with mandatory reliability standards across the industry. Being a strong enforcement authority that is independent, without conflict of interest, objective and fair, and resolute in ensuring compliance with mandatory standards. Integrating and leveraging regional and stakeholder ideas and expert resources with a common purpose of improving reliability. Improving transparency, consistency, quality and timeliness of results through more effective coordination and collaboration and process improvements. Leveraging technology and information systems across the entire ERO enterprise to achieve greater efficiencies, consistency of outcomes and more transparent accountability. Building constructive partnerships between industry and government by communicating expectations and consistently delivering responsive results that demonstrate effective mitigation of reliability risks. 1 The eight Regional Entities are Florida Reliability Coordinating Council, Midwest Reliability Organization, Northeast Power Coordinating Council, ReliabilityFirst Corporation, SERC Reliability Corporation, Southwest Power Pool Reliability Entity, Texas Reliability Entity, and Western Electricity Coordinating Council. 2 As referenced in this plan, the term reliability stakeholders is intended to include all registered entities, and industry trade organizations. 2

9 Strategic Goals Goal 1: The ERO will have clear, results-based reliability standards that provide for an adequate level of bulk power system reliability. The ERO will develop clear, mandatory reliability standards that establish threshold requirements for ensuring bulk power system reliability. The standards will be of high technical quality and be delivered in a timely and efficient manner. Objectives Be the leader in articulating what is an adequate level of reliability (ALR) of the bulk power system and continue to update and refine the definition of ALR through a consensus process. Achieve a technically sufficient set of results-based reliability standards, with each requirement providing a clearly identified performance expectation and reliability benefit. Be accountable to applicable regulatory authorities and the public for standards that provide an adequate level of reliability by addressing all standards directives within one year unless a detailed technical study is required. Modify the standards development process to allow rapid development of an initial draft standard by a small professional team 3 with requisite expertise and skills, including legal and compliance, followed by subsequent stakeholder consensus review, comment and balloting; the process will provide early consultation, including with regulatory authority staff, to determine a clear set of objectives for the standard. The process will allow highest priority standards to be delivered to the board within one year. Develop a program to allow compliance trials following NERC board approval of reliability standards, for the purpose of allowing registered entities to come into compliance and mitigate compliance risk while the ERO validates the associated compliance measures and procedures, thereby minimizing inefficiencies and detrimental effects of learning through enforcement. Ensure industry executive leaders are informed and positively influencing the development of high quality standards that are not adversely influenced by perceptions of compliance risk. Periodically evaluate the standards development consensus process to ensure it continues to meet the needs of the ERO. Minimize the need for regulatory directives issued in response to filings of reliability standards by effectively coordinating reliability objectives and expectations in advance of standard development; promote deference to the expertise of the ERO by earning the trust of regulatory authorities. Develop technical reference guides and supporting compliance information for all reliability standards to ensure clarity and facilitate compliance. Ensure standards priorities are informed by risk trends, event root cause analysis, compliance findings, reliability assessments, and other learning opportunities. More actively engage technical standing committees in developing the technical bases for reliability standards. Train all standards staff and drafting teams in structure and format of results-based standards. Address all remaining regional fill-in-the-blank standards and ensure regional standards have a consistent format and high quality. Provide a robust educational program on reliability standards through the website, webinars and workshops. 3 The team may include NERC, Regional Entity, and registered entity staffs and contractors as needed and appropriate. 3

10 Goal 2: Bulk power system owners, operators, and users will demonstrate sustained cultures of learning and reliability excellence, built upon underlying foundations of compliance and effective risk management and mitigation. Bulk power system owners, operators and users will embrace a reliability community concept and demonstrate a culture of continuous self-assessment, sharing and learning from experience, selfcorrecting, and continuously improving performance toward reliability excellence. Bulk power system owners, operators, and users will have adopted underlying foundations of compliance and effective risk management/mitigation. The ERO will assist and prepare the industry to effectively manage risks to bulk power system reliability, security and resiliency. Objectives Enable and encourage bulk power system owners, operators, and users to conduct periodic internal self-assessments to improve reliability and compliance, to share results for others to learn, to complete timely mitigation, and to self-report compliance violations as required. Facilitate a comprehensive event analysis program that encourages and engages bulk power system owners, operators, and users in self-determining root causes, lessons learned, and other improvement opportunities; ensure all events meeting defined criteria are catalogued, prioritized, and assessed for improvement opportunities and trends. Manage a consistent program for issuing alert advisories, recommendations and essential actions, and track and report mitigation results; modify ERO rules of procedure if needed to ensure all levels of alerts receive adequate technical and policy level review. Proactively seek and benchmark best-in-class performance on selected reliability topics; give recognition for examples of reliability excellence. Trend reliability issues and improvement opportunities and share results transparently with bulk power system owners, operators, and users. Encourage bulk power system owners, operators, and users to focus on managing reliability risk and improving reliability more than on compliance risk avoidance; evaluate the benefits of a point system for recognizing positive reliability behaviors. Internalize risk-based approaches into ERO programs, priorities, and initiatives to maximize reliability benefits and improve efficiencies. Leverage other reliability organizations to improve bulk power system reliability, such as the North American Energy Standards Board, the North American Transmission Forum, the North American Generator Forum, the ISO-RTO Council, and others. Maintain an easily accessible library of lessons learned from event analyses, best practices, examples of excellence, and other resources for reliability improvement. Ensure an ERO staff that has strong skills in the areas of event forensics and root cause analysis; make similar training available to registered entities on a self-funded basis. Be prepared to facilitate information flow and coordination among bulk power system owners, operators, and users during emergencies and unusual events, including government interfaces; develop and regularly exercise response plans and procedures. Develop and maintain a situational awareness capability (SAFNR) that meets the needs of FERC, NERC, Regional Entities, and applicable registered entities. Educate industry on effective compliance programs and effective reliability risk management controls. 4

11 Goal 3: The ERO will develop and maintain effective reliability performance measures and will continue to develop high quality reliability assessments based on long range and seasonal forecasts, as well as emerging issues. The ERO will adopt a comprehensive suite of quantitative reliability performance measures to assess the on-going performance of the bulk power system, identify trends and opportunities for improvement, and provide transparent accountability for reliability. The ERO will continue developing high quality longterm and seasonal reliability assessments, with emphasis on key emerging issues. Objectives Adopt a set of reliability performance measures to benchmark and assess the effectiveness of the ERO and registered entities in achieving reliability goals, and to identify reliability trends, common root causes, improvement opportunities, and priorities. Develop and deliver an annual report on the state of bulk power system reliability. Become the principal source of information on reliability trends, issues, and priorities, and deliver this information to other program areas and reliability stakeholders to identify reliability improvement opportunities. Continue to deliver high quality long-term and seasonal assessments of the future adequacy and operating reliability of the bulk power system. Conduct detailed engineering analyses to evaluate and report on strategic emerging reliability issues; continue to deliver high quality assessments of these emerging issues. Improve the tools for the collection and validation of data for long term, seasonal, operational, and special reliability assessments, along with the databases needed to support these assessments. Leverage TADS, GADS, and DADS databases to create value-added information on equipment performance and failure modes; provide an integrated platform for maintenance and use of TADS, GADS, and DADS. Assist registered entities in improving reliability data modeling, including generator and turbine controls and load modeling. 5

12 Goal 4: Bulk power system owners, operators, and users will effectively manage risks from cyber and physical attacks and other high-impact, low-frequency events. The ERO will facilitate bulk power system owners, operators, and users achieving a robust, resilient electricity infrastructure in which continuity of business and services is maintained through secure and reliable information sharing, effective risk management, coordinated response capabilities, and trusted relationships between industry and government. Objectives Enhance situational awareness within the electricity sub-sector and with applicable governmental authorities through robust, timely, reliable, and secure information exchange; utilize a robust and mature ES-ISAC with a secure communications portal to ensure availability of actionable information regarding threats to the bulk power system. Facilitate industry use of sound risk management approaches to enhance physical and cyber security preparedness, resilience, and recoverability; demonstrate effective mitigation of security risks, including safeguarding of assets, developing mitigation alternatives, and preparing and testing recovery plans. Facilitate the conduct of comprehensive emergency, disaster, and business continuity planning by registered entities; conduct training and large-scale exercises involving electricity industry and governmental authorities to enhance reliability and coordinated emergency response. Clearly define critical infrastructure protection roles and responsibilities of industry and government. Enhance understanding of key interdependencies and collaborate with other critical infrastructure sectors to address them; facilitate industry s incorporation of that knowledge into planning and operations. Promote synergies between industry security initiatives and those of governmental authorities in the U.S. and Canada; provide policy inputs to government decision-makers regarding the resiliency of the electric grid, key issues, and support needs. Communicate results to strengthen public and government confidence in industry s ability to effectively manage risk and successfully implement security, reliability and recovery efforts. Develop a robust set of critical infrastructure reliability standards that enable industry to adapt to continuously changing threats and vulnerabilities by emphasizing security risk management over compliance with static protection requirements. In partnership with government and industry, deliver a comprehensive set of voluntary guides, including a program for demonstrating and validating those guides, for managing security risks to the electric system, from the bulk power to the meter. Maintain a set of design basis threat scenarios to guide determination of an adequate level of resilience; continuously evaluate and communicate high impact, low frequency risks. Conduct security incident analysis and work with industry experts to provide lessons learned and enhance the electricity sub-sector s security posture. Communicate best practices for physical security of bulk power system assets. Provide education to industry on CIP standards and security risk management. Enhance ERO staff expertise and qualifications to conduct CIP audits, security forensics, and threat analysis; provide to registered entities on a self-funded basis. Develop security risk management enhancements, such as monitoring key interfaces for anomalies and benchmarking of vendor products to improve cyber security protection. Develop and implement a plan to address risks of long-term degradation of bulk power system capabilities, such as loss of critical equipment, such as transformers. 6

13 Goal 5: The ERO will balance the role of being a strong, independent enforcement authority, with one of providing owners, operators and users timely and transparent feedback on compliance and effective incentives for improving reliability. The ERO will be a strong enforcement authority that is independent, without conflict of interest, objective and fair, and resolute in ensuring compliance with mandatory standards. The ERO will promote a strong culture of compliance and incent reliability improvement and timely mitigation of risks through efficient and transparent enforcement of reliability standards and effective use of discretion in determining penalties and sanctions. The ERO will provide a registration process that is aligned with reliability benefit. Objectives Develop further enhancements to achieve efficient and timely compliance enforcement outcomes, including streamlined procedures for minor, administrative violations and improved workflow and tools at NERC and regional entities; target minor violations within three months and major cases within one year of discovery. Enhance compliance transparency through issuance of compliance application notices, case notes, and other information to assist registered entities in more effectively managing and mitigating compliance risk. While maintaining acceptance and trust of governmental authorities, evolve toward increased prosecutorial discretion in determining violations and setting penalties as a means of positively influencing cultures of compliance and reliability excellence. Achieve greater consistency across the ERO in the determination of violations and exercise of discretion in setting penalties and sanctions through a defined framework and training of applicable staff. Ensure timely and thorough mitigation of all violations of mandatory reliability standards. Modify the compliance registration program to be more efficient, risk-based, and aligned with reliability benefit, including evaluation of options such as increased granularity in registration by requirement or by assets for entities with limited impacts on bulk power system reliability. Provide greater assurance that bulk power system owners, operators, and users are correctly registered through more proactive review of registration status; ensure that responsibilities are clearly understood by all registered entities and there are no material gaps or adverse impacts on bulk power system reliability. Enhance the tools to help registered entities understand the constellation of standards and requirements that are applicable to each entity, including versioning of standards. Enhance coordination and efficiency of compliance processes involving multi-regional entities, joint registration organizations, and joint action agencies. Develop the capability of the NERC Board Compliance Committee to more transparently render decisions that set precedent or direction for improved compliance with reliability standards. 7

14 Goal 6: NERC and the regional entities will execute statutory functions in a collaborative enterprise 4 and thereby achieve efficiencies and effective process controls while leveraging the expertise of staff and reliability stakeholder resources. NERC and regional entities, engaging the support of reliability stakeholders as appropriate, will operate as a collaborative enterprise in the execution of ERO statutory functions. The ERO will be an efficient steward of resources used in carrying out statutory functions. The ERO will be a technology leader by leveraging information systems to create efficiencies and process controls in performing its statutory functions. Objectives Operate the ERO enterprise with a high level of trust and collaboration, seeking opportunities to integrate and leverage NERC, regional, and reliability stakeholder ideas and resources with a united purpose of improving reliability. Improve transparency, consistency, quality, and timeliness of NERC and regional entity results through process improvements, coordination, and collaboration. Align and expand the role of technical committees in supporting ERO functions, including the development of initiatives to improve reliability, with clear accountability to the board. Develop an ERO-wide internal audit and risk management program with effective controls to ensure the ERO is addressing organizational risks 5 and successfully fulfilling its statutory mission. Develop highly qualified and trained staffs at NERC and the regional entities, including staff with enhanced qualifications in auditing, investigations, enforcement, and other essential staff roles; consider staff exchanges where appropriate. Address all applicable recommendations and directives from the Three Year ERO Performance Assessment and previous audits. Adopt ERO performance indicators and feedback mechanisms to enable the ERO to continue being a learning organization. Provide rigorous internal financial controls and efficient management of resources to achieve a high level of efficiency in carrying out statutory functions. Apply a business planning process with a three-year horizon to convey the value to be delivered by various programs and initiatives, and track the results ex post. Develop an architecture and design for an ERO information system that incorporates business process mapping, ERO business process owner needs, and end user needs. Deliver the initial modules of a secure information management system to achieve efficiencies, consistency of outcomes, effective process controls, and more transparent accountability across the statutory functions of the ERO enterprise. Develop a robust, user-friendly website that facilitates easy access to reliability information and ERO processes. 4 The term ERO enterprise is used to denote the concept of NERC, regional entities, and reliability stakeholders working collaboratively to achieve successful and efficient implementation of the statutory functions of the ERO. The ERO enterprise concept implies that statutory functions will become more integrated and seamless. However, each entity maintains its separate corporate governance, authorities, decisionmaking, and business functions, as well as any non-statutory functions. 5 Risks here are focused on the ERO model and organizations. Bulk power system risks are addressed under Goal 2. 8

15 Goal 7: The ERO will maintain an exceptional reputation as the trusted leader of the reliability community and instill a high degree of confidence in the reliability of the bulk power system. The ERO will be recognized as the trusted leader and advocate in reliability matters and as the foremost expert organization on bulk power system reliability. The ERO will earn the trust and confidence of the public, governmental authorities, and reliability stakeholders through integrity, independence, and steadfast adherence to achieving a reliable bulk power system in the interest of public safety, economic well being, and security. Objectives Develop clear articulations of the value of bulk power system reliability for reliability stakeholders, including reasonable expectations for reliability, security, and recoverability. Develop and implement an industry-wide communications plan to build awareness of work by the ERO and reliability stakeholders to improve reliability. Establish the ERO as the principal architect of reliability by charting the course for high-priority reliability initiatives. Through consistent delivery of results, earn the trust and confidence of the public, governmental authorities, and reliability stakeholders that reliability risks are being effectively addressed. Maintain the ERO s position as independent and objective, striving at all times for what is best for the reliability of the bulk power system and not unduly influenced by alternative interests of government or industry. While maintaining a posture of independence as the reliability community leader, engage in active consultation with regulatory and legislative leaders and staffs in the U.S. and Canada to ensure ERO work is consistent with guidance received and is meeting or exceeding expectations. Prepare messages for use during and following significant events as teaching moments to help the public better understand the efforts and practical considerations in recovery from system disturbances and improving reliability. Sustain high ethical standards of the ERO by establishing a set of ethical principles for NERC and regional entities; conduct periodic assessments of the effectiveness of controls and performance. Identify and cultivate champions for bulk power system reliability at the principal levels of federal, state, and provincial governments in the U.S. and Canada. Maintain proactive outreach, including by the NERC board, to receive feedback and inputs to improve ERO performance; continue to enhance the ERO s posture as a learning organization. 9