With the emergence of NERC’s new Risk Based Compliance Program come many unanswered questions and hesitations about how to move forward within a company’s structure. This recent launch has worried utility companies, raising security and workload concerns. Although the cons may weigh heavily, Risk Based Compliance benefits companies by promoting a customizable audit.
John Rhea, Compliance Officer and Attorney, OGE Energy Corporation, recently spoke with marcus evans about key topics to be discussed at their upcoming Risk Based Compliance & Reliability Assurance for Utilities conference on August 25-27, 2015 in Washington, DC.
With NERC’s recent launch of the new risk based approach, what is your professional opinion on the customization from one-size-fits-all to a tailored fit to better align utilities with regulators?
JR: I am cautiously optimistic about NERC’s implementation of its Risk Based Methodology. The old proverb, “the proof is in the pudding,” comes to mind when thinking about this because how the pudding tastes is the proof of how good it is. In other words, just like most everything in life, it all comes down to execution. The two main tools NERC has for customizing the application of the risk based approach are the Inherent Risk Assessment (IRA), which is a review of risks posed by an individual registered entity to the reliability of the bulk power system, and the Internal Controls Evaluation (ICE), which reviews a registered entity’s internal controls associated with the risks applicable to that entity and for identifying, assessing and correcting noncompliance with NERC Reliability Standards and the effectiveness of such controls. Based on the outcome of its IRA and ICE, a registered entity’s audit scope should be adjusted. Whether or not this actually results in a better alignment with our regulators is yet to be determined. As with our proverbial pudding, the application of IRA and ICE by the Regional Entities may leave an unpleasant taste with a registered entity, depending on what the chef sends out of the kitchen.
In what ways has/will this recent launch affect your role as NERC Compliance Officer internally?
JR: We created a Compliance Monitoring Program designed to address the constantly changing regulatory environment in which we operate daily, so my responsibilities as Compliance Officer remain steady even as the regulations change. We have accomplished this by developing effective compliance governance policies and procedures to recognize the company’s evolving compliance obligations. We have created and implemented an accountability structure to ensure all regulatory obligations have an identified responsibility matrix and I am charged with enforcing that accountability. We also have a compliance assurance function reviewing processes and procedures as well as evidence of compliance to make sure the company has documentation to prove its compliance. Finally, we are leveraging our Compliance Management Tool to tie all of our internal controls together and store our documentation of compliance. As one of our company’s five Key Result Areas, compliance is baked into everything we do and I make sure it stays that way.
How should companies address NERC compliance risk?
JR: Maintaining compliance with NERC standards and requirements is a major issue facing utilities. There are three things a company must do every day to mitigate its NERC compliance risk.
- Maintain awareness of regulatory exposure,
- Develop and foster relationships with key people both inside the company and out,
- Be prepared to take a stand when needed
Although no one person can know the details of every NERC regulation, they can develop a set of tools to reduce the risk of missing something. Chief among those tools is developing relationships inside your company and within your industry. Maintaining relationships with subject matter experts in your company is the first step in the process. There must also be a healthy line of communication between subject matter experts. The next step is developing relationships with your regulators so that you can know how they view your company. Last but not least are your contemporaries in other companies in your industry. They are in the best position to know what you are going through. These colleagues can provide sage advice on dealing with your regulators, a heads-up for new issues they have encountered, a safe place to explore ideas, and occasionally a shoulder to cry on.
The most important tool though is the willingness and ability to take a stand. You owe it to your company and yourself to hold the Company accountable to do the right thing for the right reason every day.
You have spoken at a few marcus evans events before. What about this conference inspired you to speak?
JR: I have been a marcus evans speaker multiple times as well as a facilitator for this conference, so it’s safe to say I believe in the value this conference brings. It provides an important opportunity for those subject to NERC regulation to get together and ask the questions they wouldn’t dare ask directly to an auditor. This event provides an opportunity for open sharing unavailable at a NERC seminar. I encourage people from entities of all sizes to attend because I am confident everyone will find something that will make a difference for them this year.
John D. Rhea is the Compliance Officer at OGE Energy Corporation. Based in Oklahoma City, OGE Energy Corp. is the parent company of Oklahoma Gas & Electric (OG&E), which is an investor-owned electric utility. Rhea is going on 15 years working for electric utilities as both an attorney and compliance leader. He has spent almost 8 years with OGE.
This premier marcus evans Risk Based Compliance and Reliability Assurance for Utilities meeting provides a platform for utilities companies to enhance their GRC, CIP, and Reliability Compliance initiatives. For more information, please check out the conference website or contact Monique Filardi, Marketing Coordinator, Media & PR, marcus evans at 312.540.6322 or email@example.com.
About marcus evans
marcus evans conferences annually produce over 2,000 high quality events designed to provide key strategic business information, best practice and networking opportunities for senior industry decision-makers. Our global reach is utilized to attract over 30,000 speakers annually, ensuring niche focused subject matter presented directly by practitioners and a diversity of information to assist our clients in adopting best practice in all business disciplines.