With the emergence of NERC’s new Risk Based Compliance Program come many unanswered questions and hesitations on how to move forward within a company’s structure. This recent launch has worried companies in utilities with security and workload concerns. Although the cons may weigh heavily, the Risk Based Compliance benefits companies with promoting a customizable audit.
Bob Case, NERC Compliance Manager at Black Hills Corporation recently spoke with marcus evans about key topics to be discussed at their upcoming Risk Based Compliance & Reliability Assurance for Utilities conference on August 25-27, 2015 in Washington, DC.
With NERC’s recent launch of the new risk based approach, what is your professional opinion on the customization from One Size Fits all to a Tailored fit to better align utilities with regulators?
BC: The concept of sizing the regulatory authority compliance and enforcement effort to the risk an entity poses to the BES has always made sense. However, during the initial years of sanctionable enforcement, NERC and the regional entities had their hands full with outreach to registered entities and between regions to ensure consistent and transparent enforcement. Now, eight years after NERC standards became enforceable, the ERO has audited most registered entities two times, and now has the experience to move to a risk-based approach.
In what ways has/will this recent launch affect your role as NERC Compliance Manager internally?
BC: For Black Hills Corporation, the RAI (Reliability Assurance Initiative) has been going on for three years. An early effort in this direction was known as the EIE (Entity Impact Evaluation). Overall, the risk-based approach at NERC has empowered internal efforts to perform forward-looking risk assessment and justify better documented internal controls.
How has Black Hills Corporation engaged the NERC RAI framework in the Western Interconnect to comprehend the costs and benefits?
BC: Black Hills Corporation instituted financial tracking of NERC costs within registered entities about five years ago, which helped identify the unique costs of NERC compliance. Two years ago, Black Hills started differentiating between the ‘proactive’ and ‘reactive’ costs of NERC compliance. This financial tracking has enabled Black Hills to highlight the apparent financial differences between our last combo audit in 2012, and our upcoming July 2015 audit. The July audit is the first in the Western Interconnect to be officially scoped by both the IRA (Inherent Risk Assessment) and ICE (Internal Controls Evaluation) deployed by WECC.
How can a company properly leverage their utility’s compliance culture and early adoption of CIP V5 to benefit RAI and audit execution?
BC: There is no direct relationship between CIP Version 5 early adoption and RAI. Regardless of whether an entity is being CIP audited under Version 3 or 5, employing internal risk assessment and internal controls will be beneficial to an audit outcome. Black Hills did choose to “early adopt” CIP V5 effective 01-Jan-2015 because it formally defined where our internal CIP compliance efforts should be directed. Additionally, with a July 2015 CIP audit eight months before CIP V5 becomes sanctionable, BHC believed we were in an ideal position to receive WECC consultative recommendations (rather than NOPV’s) related to our CIP V5 efforts.
Black Hills’ compliance culture was leveraged during the IRA and ICE process. During the Inherent Risk Assessment process, BHC had the opportunity to roll out its high-level technical assessment of BHC’s impact on the BES, as well as risk assessments conducted annually for each applicable NERC standard. During the Internal Control Evaluation process, BHC similarly shared with the regulators our high-level address of internal controls from the standpoint of COSO cube for financial management. Doing so demonstrated to WECC that BHC was already on-board with the internal controls concept, and was not simply instituting internal controls because of NERC’s latest initiative.
You have spoken at a couple similar marcus evans events before. What about this conference inspired you to speak?
BC: The decision to speak on the NERC risk-based compliance approach was largely the result of timing. For many entities, the change to risk-based compliance may present some new concepts that they are not sure about. I am a strong believer that we are all in it together when it comes to ensuring the reliability of the BES, so Black Hills’ early audit under the RAI approach seemed to present a good data point to other entities getting ready for risk-based compliance.
Bob Case, NERC Compliance Manager at Black Hills Corporation. Bob Case joined Black Hills Corporation in January 2008 as NERC Compliance Manager, with the responsibility to develop, implement and oversee NERC compliance for all the NERC-registered entities of Black Hills Corporation.
This premier marcus evans Risk Based Compliance and Reliability Assurance for Utilities provides a platform for utilities companies to enhance their GRC, CIP, and Reliability Compliance initiatives. For more information, please check out the conference website or contact Monique Filardi, Marketing Coordinator, Media & PR, marcus evans at 312.540.3000 ext. 6790 or moniquef@marcusevansch.com.
About marcus evans
Marcus evans conferences annually produce over 2,000 high quality events designed to provide key strategic business information, best practice and networking opportunities for senior industry decision-makers. Our global reach is utilized to attract over 30,000 speakers annually; ensuring niche focused subject matter presented directly by practitioners and a diversity of information to assist our clients in adopting best practice in all business disciplines.
Comments