MRO s CMEP Approach Ten-Year Retrospective and A Bright Future

Similar documents
Entity Risk Assessment

Reliability Assurance Initiative Implementation Status

Reliability Assurance Initiative. Sonia Mendonca, Associate General Counsel and Senior Director of Enforcement

FRCC s Enforcement and More! (Revised with Information from the 2/19/15 FERC Order on RAI) FRCC Webinar

Compliance Operations Update

Principles of Compliance Monitoring and Enforcement Program Activities

ERO Enterprise and Corporate Metrics

Compliance Operations Update

Q ERO Enterprise Compliance Monitoring and Enforcement Program Report

Compliance and Enforcement in a Self Regulatory Model (Reliability provisions of Energy Policy Act of 2005)

2016 ERO Enterprise Compliance Monitoring and Enforcement Program Annual Report

RAI Compliance Activities Overview

OPERATIONAL EXCELLENCE ACROSS THE ERO ENTERPRISE: Adding Value to the Compliance Monitoring and Enforcement Program

Compliance Monitoring and Enforcement Program Implementation Plan. Version 1.7

Compliance Oversight Plan

Enforcement Approach to CIP Version 5 under RAI. March 18, 2014 Tobias Whitney, Manager of CIP Compliance

Performing a Successful Audit. Fundamentals of Auditing ERO Compliance Audit Process Jim Hughes Manager, Audit Assurance and Oversight

Compliance and Certification Committee Report on the ERO Enterprise Effectiveness Survey

Electric Reliability Organization Enterprise Performance Metrics

Reliability Assurance Initiative (RAI) Update. June 19, 2014, 3 pm 5 pm EDT Industry Webinar

WECC Internal Controls Evaluation Process

General Engagement Plan Briefing Compliance Audits & Spot Checks

Reliability Assurance Initiative ATC s Participation as a MRO Pilot

Appendix A3: Northeast Power Coordinating Council (NPCC) 2018 CMEP Implementation Plan

State of the Standards Committee. Scott Miller, Standards Committee Vice Chair 2013 Standards and Compliance Spring Workshop March 21, 2013

NPCC Regional Feedback Mechanism process

Procedure for Conducting On-Site Compliance Audits

Incorporating Risk Concepts into the Implementation of Compliance and Enforcement Table of Contents

Review of Standards Becoming Enforceable in 2014

ERO Enterprise Three-Year Strategic Plan and 2014 Performance Metrics

Welcome! NERC 2016 Standards and Compliance Workshop Hyatt Regency St. Louis at The Arch. July 12-14, 2016

Operationalizing Internal Controls

NERC Compliance Public Bulletin # Guidance for Entities that Delegate Reliability Tasks to a Third Party Entity

Procedure for Conducting Off-Site Compliance Audits

Manitoba U.S. Comparator: Standard-Making and Enforcement Functions

Strategic Direction Outline

Ontario-US Comparator: Standard-Making and Enforcement Functions

2014 ERO Enterprise Compliance Monitoring and Enforcement Program Annual Report

FAC Facility Interconnection Requirements

4.1 Violation Reporting Remedial Action Directives Mitigation Plans Internal Training Self Assessments...

Reliability Assurance Initiative (RAI) Benefits and Impact Draft 1. Initial Version: September 30, 2013

Preparing for a Compliance Audit under Mandatory Reliability Standards

NPCC 2015 Corporate Goals Approved by Board of Directors 2/4/15

ERO Enterprise Guide for Compliance Monitoring

NPCC 2018 Corporate Goals

Reliability Assurance Initiative (RAI) Progress Report

Internal Controls. Your Silent and Invisible Workforce. MRO Performance and Risk Oversight Subcommittee (PROS) Compliance Committee

Improving Coordinated Operations Across The Electric Reliability Organization (ERO) Enterprise February 2014

Meeting Agenda Compliance Committee

BEFORE THE ONTARIO ENERGY BOARD OF THE PROVINCE OF ONTARIO

NERC 2012 Business Plan and Budget Overview. May 3, 2011

Agenda Compliance Committee August 15, :00 a.m. 12:00 p.m. Mountain

NERC Reliability Update Power System Reliability Regulation Overview

NPCC 2008 Corporate Goals

British Columbia United States Comparator: Standard-Making and Enforcement Functions

FAC Facility Interconnection Requirements

Agenda Compliance Committee November 6, :00 11:00 a.m. Eastern

2013 SPP RE Annual CMEP Implementation Plan

Registered Entities and ERO Enterprise IT Applications Update

2017 to 2020 Strategic Plan. Approved by the CAA Board of Directors: March 1, 2017

FEDERAL ENERGY REGULATORY COMMISSION DOCKET NO. RR14- NORTH AMERICAN ELECTRIC RELIABILITY CORPORATION

ERO Effectiveness and Stakeholder Perceptions Survey

ERO Enterprise Metric 1: Reliability Results. ERO Enterprise Metric 2: Assurance Effectiveness. ERO Enterprise Metric 3: Risk Mitigation Effectiveness

NPCC Entity Risk Assessment Inherent Risk Assessments (IRA) Internal Controls Evaluations (ICE)

2019 ERO Enterprise Dashboard

Reliability Standards Development Plan

A. Introduction. B. Requirements. Standard PER System Personnel Training

Compliance Monitoring and Enforcement Program Standards and Guidance

Standard Development Timeline

Sustaining Reliability: Balancing Operations and Compliance August 21-23, 2018 W Seattle

ERO Compliance. Compliance Monitoring and Enforcement Program. Texas Reliability Entity, Inc Implementation Plan. November 1, Version 0.

Criteria for Annual Regional Entity Program Evaluation

Consideration of Issues and Directives Project Connecting New Facilities to the Grid

A. Introduction. B. Requirements. Standard PER System Personnel Training

What Not To Do With NERC CIP. Tim Lockwood, CISSP, CISA Lead Information Security Risk Analyst

NERC Standards and Compliance 101

2016 ERO Enterprise Compliance Monitoring and Enforcement Program Implementation Plan Version 2.2

Agenda Corporate Governance and Human Resources Committee February 8, :00-9:00 a.m. Pacific

Appendix 5B Statement of Compliance Registry Criteria Revision 5.2 Effective: October 15, 2015

Click here for: Webinar Registration. Introductions and Chair s Remarks. NERC Antitrust Compliance Guidelines and Public Meeting Notice* Agenda

Standards Committee Strategic Work Plan

UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION ) )

Frequently Asked Questions August 2013

Agenda Member Representatives Committee Pre-Meeting Informational Session Conference Call and Webinar July 18, :00 a.m. 12:00 p.m.

Effective Date: See Implementation Plan for BAL B. Requirements and Measures

2019 ERO Enterprise Compliance Monitoring and Enforcement Program Implementation Plan

PER System Personnel Training ERO Auditor Workshop. Pete Knoetgen, Director of Training September 20, 2012

Transition into Risk Based Audit Reliability Compliance Using ISO31000 Methodology By: Ed Sattar

UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION

Risk-Based Registration (Phase I) Implementation Guidance

Québec Reliability Standards Compliance Monitoring and Enforcement Program Implementation Plan Annual Implementation Plan

2014 Integrated Internal Control Plan. FRCC Compliance Workshop May 13-15, 2014

ERO Com plia nce Monitoring and Enforcement Program

Roles and Responsibilities: Standards Drafting Team Activities (Approved by Standards Committee June 2018)

Agenda Compliance Committee Open Session November 6, :15-10:45 a.m. Central

UNITED STATES OF AMERICA BEFORE THE FEDERAL ENERGY REGULATORY COMMISSION

What we call the beginning is often the end. And to make an end is to make a beginning. The end is where we start from ANNUAL REPORT

Cultural Building Blocks of High Reliability in Healthcare:

Appendix 5B. Statement of Compliance Registry Criteria

Policy (Board Approved)

Transcription:

MRO s CMEP Approach Ten-Year Retrospective and A Bright Future Sara Patrick, MRO Vice President, Compliance Monitoring and Regulatory Affairs Joint Standards and Compliance Committees Meeting August 3, 2017 Improving RELIABILITY and mitigating RISKS to the Bulk Power System

MRO s Vision Our Compass Maintain and improve the quality of life through a highly reliable regional Bulk Power System. 2

So, how will we achieve our VISION? Through Our Purpose Strive to assure each Bulk Power System owner and operator within our region is a Highly Effective Reliability Organization (or HERO). 3

MRO Principles The MRO Way We are accountable for results, we provide clarity and assurance of procedures, processes, and controls to improve the reliability of the bulk power system. We deliver meaningful outcomes to those we serve and use our funding wisely. We embrace our public trust obligation to be independent and transparent. We are collaborative in approach and seek constructive solutions. 4

To those ends we are: MRO Principles The MRO Way Principled. We do the right thing, the right way. We earn trust each day by treating every person with respect, fairness, and integrity. Responsive. We have a sense of urgency to act on the basis of facts, risks, and the needs of others. Rigorous. We are accurate, exacting, and demanding to improve the reliability of the Bulk Power System. Objective. We are intellectually honest, truthful, candid, and act without bias. Innovative. We embrace new ideas and lead change to improve the future. Effective. We create value for those we serve. 5

Setting the Scene A Look Back in Time Our History Before 2003, voluntary standards and MAPP and MAIN for MRO Reliability Standards became mandatory under the 2005 Energy Policy Act adopted by Congress and agreements with Canadian Provinces FERC named NERC as the ERO in 2006, and the Regional Entities received delegated authority in 2007 MRO Profile Spun off MAPPCOR in 2005; began operations in 2007 Dan Skaar, President and CEO Began with 17 employees in 2007, 41 in 2017 6

Full Notices of Penalty for every enforcement action MRO negotiated the first settlement agreement in the ERO Penalty was reduced for investments in tools and training Actively Monitored List Prescriptive 3/6 year Compliance Audits Mitigation Plans required for every Possible Violation $5K $15K penalties were typical In the Beginning 2007/2008 7

Adopted Three Step Approach Compliance Monitoring Risk Assessment and Mitigation Enforcement Evolving Processes, Maturing View of Risk 2009/2010 $0 penalties typical for lower risk issues Comprehensive approach to mitigation Reduces recidivism Focused on risk to reliability and implementing controls to detect, prevent, and correct noncompliance Risk determinations on all noncompliance Technical assessment, SME to SME Streamlining begins with Administrative Citation Process Settlement Agreements focused on above and beyond activities as offset for proposed penalties 8

Incorporating HRO Theory and Principles 2009/2010 The Reliability Assurance Initiative (RAI) relied heavily on HRO Theory and Highly Effective Reliability Organizations (HEROs) HEROs keep the small stuff small. 9

HEROs Keep the Small Stuff Small 2009/2010 Five characteristics of highly reliable organizations: 1. Preoccupation with failure (risk) Attention on close calls and near misses ( being lucky vs. being good ); focus more on failures rather than successes 2. Reluctance to simplify interpretations Solid root cause analysis practices 3. Sensitivity to operations Situational awareness and carefully designed change management processes 4. Commitment to resilience Resources are continually devoted to corrective action plans and training 5. Deference to expertise Listen to your experts on the front lines (ex. authorities follows expertise) 10

Focus on reliability risk, rather than compliance risk Changing the Focus 2011/2012 Recognition of Acceptance of Responsibility as fundamental to maintaining reliability Find, Fix, Track and Report (FFT) Spreadsheet Notice of Penalty (SNOP) 11

Changing the Focus 2011/2012 The intent of the RAI was to re engineer the compliance and enforcement approach by: Recognizing registered entity s risk and its management practices around risk in the scope and conduct of our work Recognizing and rewarding registered entities who design and implement strong preventive, detective and corrective action programs Reserving enforcement proceedings for significant matters by creating a new path outside of enforcement Reducing administrative compliance burdens 12

Streamline Enforcement processes Increase stakeholder outreach SAGs PROS Revamping the CMEP Approach 2013/2014 Implement Guided Self Certifications Instructions on evidence review and required documentation submission Targets specific Standards/Requirements identified as regional risks or compliance trends Consider inherent risks and internal controls in compliance monitoring 13

Pilot projects across the ERO MRO s focus: Internal Controls Evaluation Audit scope based on individual entity risk Self Logging Coordinated oversight of Multi Region Registered Entities Implementing RAI 2015/2016 Compliance Exceptions MRO processed 125 findings as Compliance Exceptions from July 1, 2014, the date on which Compliance Exceptions became eligible for filing, to December 31, 2016 14

Continuing to Improve Risk-Based Approach 2015/2016 Inherent Risk Assessment (IRA) Developed for all registered entities in MRO Considers individual risk based on registered entity functions, equipment, facilities, location, etc. Base Case initiative drives alignment across ERO Compliance Oversight Plans (COPs) Developed for registered entities scheduled for audit in 2017 Three year plan identifies Standards/Requirements and the compliance monitoring approach (audit, self certification, spot check) for each calendar quarter Considers performance risk, recognizes HEROs 15

IRAs Completed 2016 COPs RC, TOP, BA will be completed in 2017 Others completed in 2018 Where Are We Now? 2017-2018 Streamlined Enforcement processes Enforcement reserved for significant matters FFT/CE/SNOP fully implemented Settlements are rare Shared understanding of risk results in greater acceptance of enforcement determinations Compliance Guidance Policy Endorsement of MRO SAGs as Implementation Guidance 16

MRO CMEP philosophy Industry engagement Addressing risk outside enforcement processes Feedback to Standards development Everything we do is about improving reliability Where Are We Now? 2017-2018 17

Simplification of Regulation Where Are We Now? MRO 2017 Strategic Objectives Risk based methodologies are implemented with proper rigor and safeguards Improve Clarity of Standards and Rules Greater consistency within MRO and across NERC/Regional Entities Coordination communication within MRO and across NERC/Regional Entities 18

Where Are We Now? MRO Committee Support of Strategic Objectives Simplification of Regulation Risk based methodologies are implemented with proper rigor and safeguards Improve Clarity of Standards and Rules Greater consistency within MRO and across NERC/Regional Entities Coordination communication within MRO and across NERC/Regional Entities Compliance Committee Standards Committee Goals 1 and 5 Goals 1, 5 and 6 Goals 2, 4 and 6 Goals 2, 3 and 4 Goals 1 and 2 Goal 3 Goal 4 19

Where Are We Now? Encouraging Right Behaviors Adaptive Intelligenceled System Events Operational Information Emerging Issues Intelligence Products (Technical Assessments) Risk-Based Reliability Standards Risk Assessments Alerts and Other Tools Proactive and Reactive Workload Industry Behavior Regulatory Response Proportional and Responsive: Promotes Reliability SHARED OUTCOME = RELIABLE OPERATIONS 22

Where Are We Now? Encouraging Right Behaviors We Support HEROs through: CLARITY ASSURANCE RESULTS 21

Reliability Ethics Accept responsibility Strong self reporting trends Responsive mitigation Compliance is a byproduct of strong management practices Where Are We Now? Encouraging Right Behaviors 22

Where Are We Now? Accepting Responsibility Self-Identified Noncompliance (June 18, 2007 July 24, 2017) 5% 1% 100% 80% Accepts Responsibility 60% 40% Does Not Contest 20% 0% 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 94% Neither Admits nor Denies 23

Where Are We Now? Entities Self-Monitoring Self-Identified vs. MRO Discovered (June 18, 2007 June 24, 2017) 140 120 114 117 100 99 80 79 73 82 78 71 60 40 20 0 59 52 43 43 47 40 32 21 23 15 14 9 3 4 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 Self Identified MRO Discovered 24

Where Are We Now? MRO Identified Noncompliances Reduced Number of Noncompliance by Year (June 18, 2007 June 24, 2017) 200 180 178 187 160 140 141 141 149 120 100 80 60 40 20 0 115 100 104 92 66 86 62 74 46 47 41 50 46 30 46 45 41 32 41 30 22 30 16 18 12 25 11 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 CIP Standards Operating & Planning Standards Yearly Total 25

2008 $ 75,080 2009 $ 60,000 2010 $ 293,500 2011 $ 212,000 2012 $ 108,000 2013 $ 352,500 2014 $ 170,000 2015 $ 189,500 2016 $ 18,000 Total Assessed Penalties 2008 to 2016 $ 1,478,580 Average Annual Penalty $ 164,000 Where Are We Now? MRO Assessed Penalties Over Time 26

Where Do We Go From Here? Registered entities HEROs with strong, self monitored compliance programs MRO provides support, information, and right sized oversight Risk Assessment and Mitigation Focus on risk identification and analysis BES, regional, and individual entity Reliability near misses MRO provides support to HEROs Transparency of expectations Mitigation of known risks Identification of emerging risks 27

Where Do We Go From Here? Compliance Monitoring MRO conducts targeted CMEP activities that are customized for each entity Oversight uses appropriate tools, frequency, scope COPs are developed and are living documents Large audits are rare Smaller CMEP touchpoints are the norm COPs replace Rules of Procedure requirements Three year onsite audits for RCs, TOPs and BAs CMEP Implementation Plan Guided Self Certifications become more focused Issued based on risk for individual registered entity, rather than by function 28

Where Do We Go From Here? Enforcement Self Logging would not be reported to NERC or FERC Would be available for NERC or FERC inspection Number of processing methods could be reduced to two Compliance Exceptions, which would not be filed with FERC Notices of Penalty, which would be filed with FERC Compliance Exceptions could be used for all risk levels Including moderate and serious Addressed and mitigated quickly, including revising preventive controls Notices of Penalty would be reserved for more serious matters Such as serious repeat violations FFT process retired Shorter processing time 29

Where Do We Go From Here? Sustainable CIP Standards Can CIP standards keep up with threats and technologies? Are there costs associated with the churning of CIP standards (version 3, 4, 5, 6.)? Do the CIP standards encourage adoption of new and better technologies around security? Alternatives to the status quo Reverse TFE approach Discretion in compliance oversight (meeting the purpose of the standard versus strict compliance to requirements) Replace current standards with security objectives 29

Where Do We Go From Here? Simplify Rules of Procedure Simplify Rules of Procedure Section 400 Compliance Enforcement Remove or modify annual CMEP IP Remove requirement for 3 year audits of BAs, TOPs, and RCs Appendix 4C Uniform Compliance Monitoring and Enforcement Program Expand use of CEs and eliminate FFTs Appendix 5A Organization Registration and Certification Manual Simplify Risk Based Registration Review for appropriate level of detail 30

Questions? 32

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback