Managing NERC's new Compliance Enforcement Initiative: Find, Fix, Track and Reporting Implementation
On September 30th, 2011, NERC filed a new version of the Compliance Enforcement Initiative. This is something that NERC, the Regional Entities, and the registered entities have been working on for a long time. The primary focus has always been ensuring reliability of the Bulk Power System. The registered entities have spent a lot of time and resources on implementation of the NERC and regional standards. With my experience on both the utility side and the regulated side, I have personally seen the time it can take to process minor violations through the existing enforcement process.
This new process will be a huge improvement on moving potential violations through the pipeline and letting the regulator and entities focus on the higher risk to reliability. NERC released their press statement that summarizes the new initiative:
“Through this initiative, NERC is looking to treat matters based upon the risk associated with them,” said Gerry Cauley, president and chief executive officer at NERC. “By identifying, mitigating and resolving issues that do not pose a serious risk to the reliability of the bulk power system, more resources can be focused on violations that do pose a risk to the grid.”
The compliance initiative is comprised of three possible tracks: dismissal; find, fix, track and report; and notice of penalty. The dismissal and notice of penalty tracks remain as currently managed; however, the find, fix, track and report track identifies possible violations that are of lesser risk to the grid and allows registered entities to mitigate them with no penalty or sanction applied. The registered entity must provide a statement of completion of mitigation activities, which is subject to verification by the Regional Entity.
The new initiative is a paradigm shift in how issues are processed, and reflects a risk-informed approach that recognizes all possible violations are not equal and should not be treated in the same manner. By focusing resources on violations that have a serious risk to the reliability of the bulk power system, NERC is able to better fulfill its mission to ensure the reliability of the bulk power system of North America.
I have written in previous blog posts the importance of registered entities to have a strong Culture of Compliance, including senior management accountability, proper compliance support, and instituting an internal corrective action program. Many of the larger utilities that have nuclear facilities have had this in place for many years. The mid-size and smaller companies still are trying to manage compliance by spreadsheets.
With the new compliance initiative that allows potential violations to be internally identified and managed through the “Find, Fix. Track and Report (FFT Report)” will allow all entities to improve their internal compliance program. With the proper procedures, training, and software system, the the registered entities can identify potential issues entered into the software system and take the appropriate internal actions. Corrective actions can be assigned, implemented and tracked to completion. The AssurX software has been used for years to track issues, store reports and documentation, trend similar issues so that management can take steps to improve performance. Reports and dashboards are in place to be reviewed by the organization.
More importantly, registered entities are now going to have the opportunity to show the regulators that they have a strong compliance culture in place. When the regulator comes in for spot checks or audits, the registered entity should take this opportunity to demonstrate that they have implemented a FFT Reporting process and that any information or trending can readily be available from their compliance software application. Some regions are actually giving scores to entities on how their Culture of Compliance is compared to other entities. AssurX has worked with our customers by consulting them on how to implement corrective action programs, track and trend identified issues.
We have actually been working to prepare for the roll-out of the “Find, Fix, Track and Report” compliance initiative, and have developed a process specific to the FFT Report requirements such as adding risk calculations, repeatable offenses, and VRF/VSL as identified with a particular standard. Contact us to find out more information on how AssurX can support your organization on not just monitoring standards, automating self-certifications, and managing evidence through document management; but to help build a strong Culture of Compliance and implement a robust FFT Reporting process.
You can also follow Trey on Twitter.