Compliance Monitoring and Enforcement Program Annual Report Ed - - PowerPoint PPT Presentation

compliance monitoring and enforcement program annual
SMART_READER_LITE
LIVE PREVIEW

Compliance Monitoring and Enforcement Program Annual Report Ed - - PowerPoint PPT Presentation

Mar 23, 2024 36 likes •259 views

Agenda Item 3 Compliance Monitoring and Enforcement Program Annual Report Ed Kichline, Senior Counsel and Director of Enforcement Oversight Steven Noess, Director of Regulatory Programs Compliance Committee Meeting February 5, 2020 RELI ABI

slide-1
SLIDE 1

RELI ABI LI TY | RESI LI ENCE | SECURI TY

Compliance Monitoring and Enforcement Program Annual Report

Ed Kichline, Senior Counsel and Director of Enforcement Oversight Steven Noess, Director of Regulatory Programs Compliance Committee Meeting February 5, 2020

Agenda Item 3

slide-2
SLIDE 2

RELI ABI LI TY | RESI LI ENCE | SECURI TY 2

  • Enforcement metrics include violation aging and mitigation

completion

  • 14% of ERO Enterprise caseload was greater than two years old

at end of year

  • Down from 20% at the end of Q3
  • Comprehensive picture of incoming violations and violation

processing

  • Details on the oldest violations and associated mitigation

Enforcement Metrics

slide-3
SLIDE 3

RELI ABI LI TY | RESI LI ENCE | SECURI TY 3

New Violations and Violation Processing Fewer Reported Violations and Increased Processing in 2019

slide-4
SLIDE 4

RELI ABI LI TY | RESI LI ENCE | SECURI TY 4

Productivity in Resolving Violations More Resolved Noncompliance Across all Levels of Risk in 2019

slide-5
SLIDE 5

RELI ABI LI TY | RESI LI ENCE | SECURI TY 5

  • Dealing with increase in noncompliance with new Reliability

Standards

  • PRC and MOD Standards, especially for variable generation resources
  • CIP Version 5 applicable to more entities and more assets
  • Resolving lower risk noncompliance while working on higher risk

violations

  • Focusing on timely mitigation for all noncompliance
  • Ensuring comprehensive mitigation for highly technical CIP

violations Balanced Approach to Handling Caseload

slide-6
SLIDE 6

RELI ABI LI TY | RESI LI ENCE | SECURI TY 6

  • 352 violations over two years old
  • 64 registered entities
  • 25 violations over two years old with ongoing mitigation
  • 12 registered entities
  • 4 of the 25 violations currently assessed as serious risk
  • 2 registered entities
  • Over 90% have completed mitigation
  • Mitigation completion as measure of reduced risk
  • Over 80% are CIP violations
  • Greater complexity with new technologies and CIP Version 5

Violations Over Two Years Old

slide-7
SLIDE 7

RELI ABI LI TY | RESI LI ENCE | SECURI TY 7

  • Ongoing engagement with registered entities
  • Understanding extent of violations and assisting the design of robust

controls to prevent recurrence

  • Sharing lessons learned and mitigation best practices
  • Effective solutions to the most common causes of violations
  • Outreach on new Reliability Standards and preventive controls to reduce

the number of violations

  • Streamlining efforts
  • Efficient risk assessment and resolution for all noncompliance

What the ERO Enterprise is Doing

slide-8
SLIDE 8

RELI ABI LI TY | RESI LI ENCE | SECURI TY 8

  • CIP Notices of Penalty
  • Resolving the oldest, more complex violations
  • Vegetation Management Notices of Penalty
  • Growth into the Minimum Vegetation Clearance Distance, sometimes

leading to a contact

  • Facility Ratings Notices of Penalty
  • Many resulting from registered entity reviews of equipment and facilities

What to Expect in 2020

slide-9
SLIDE 9

RELI ABI LI TY | RESI LI ENCE | SECURI TY 9

  • CMEP activities indicate widespread discrepancies
  • Documented Facility Ratings versus actual field conditions
  • Many are significant, causing increased risk to bulk power system reliability
  • Performance correlation between strong entity controls and proactive field

validation

  • ERO Enterprise and NATF have coordinated
  • Avoid duplication
  • Ensure common understanding of issue and share best practices
  • ERO Enterprise developing CMEP Practice Guide (expected

release by Q2 2020)

  • Emphasis on training for CMEP staff and outreach for industry
  • 2020 CMEP Implementation Plan

Coordination and Focus on Facility Ratings

slide-10
SLIDE 10

RELI ABI LI TY | RESI LI ENCE | SECURI TY 10

  • 2020 Risk Element
  • Where records are not kept up to date, inaccurate models and damaged

equipment can result. Failing to keep accurate inventories of responsibilities and equipment following asset transfers, addition of new equipment, or mergers and acquisitions, is causing incomplete entity programs in Facility Ratings and vegetation management.

Gaps in Program Execution

Standards Requirements Rationale CIP-002-5.1a R1, R2 Ensuring entities maintain complex programs which handle large amounts of data, e.g., accurate inventories of equipment, following asset transfers, addition of new equipment, etc. CIP-010-2 (-3 eff 7/1/2020) R1 FAC-003-4 R1, R2, R3, R6, R7 FAC-008-3 R6 PRC-005-6 R3

slide-11
SLIDE 11

RELI ABI LI TY | RESI LI ENCE | SECURI TY 11

Oversight Progression Confirming Implementation

  • f Risk-Based CMEP Components

Program Alignment Emphasis Enhance Focus on COP and Minimal Risk Issues 2017 Implement COP and Documentation Training 2018 2019 2020

slide-12
SLIDE 12

RELI ABI LI TY | RESI LI ENCE | SECURI TY 12

Compliance Oversight Plan

Enhanced Analysis Targeted Oversight Prioritized Monitoring Single Report

slide-13
SLIDE 13

RELI ABI LI TY | RESI LI ENCE | SECURI TY 13

  • Tailors compliance monitoring activities based on entity-specific

factors

  • Oversight strategy for a registered entity
  • Provide comparative assessments to shape oversight planning

and resource allocation of ERO Enterprise staff

  • Emphasis on understanding internal controls and other

performance considerations

  • Shared with the registered entity

Compliance Oversight Plan

slide-14
SLIDE 14

RELI ABI LI TY | RESI LI ENCE | SECURI TY 14

I nputs – Quantitative and Qualitative Data

Inherent risk assessment – quantitative entity data such as what you own or operate Performance assessment – qualitative entity data such as internal controls, culture of compliance, compliance history, event data

Enhanced Analysis

slide-15
SLIDE 15

RELI ABI LI TY | RESI LI ENCE | SECURI TY 15

Targeted Oversight

Provides considerations for an entity’s continuous improvement Provides focus for Regional Entity for its compliance monitoring activities

  • Will communicate the Regional Entity’s current understanding of

an inherent risk and performance profile

  • Will include selected Risk Categories for monitoring

Targeted Oversight

slide-16
SLIDE 16

RELI ABI LI TY | RESI LI ENCE | SECURI TY 16

Risk Categories

Asset/ System I dentification Entity Coordination I dentity Management and Access Control Emergency Operations Planning

Operating During Emergencies/ Backup and Recovery

Asset/ System Management and Maintenance Training Modeling Data Asset/ System Physical Protection Long-term Studies/ Assessments Operational Studies/ Assessments System Protection Normal System Operations

slide-17
SLIDE 17

RELI ABI LI TY | RESI LI ENCE | SECURI TY 17

Prioritized Monitoring

Prioritized Monitoring

Identifies target interval for oversight, primary monitoring tools, and informs annual planning

  • Will include a target monitoring frequency selected based on

inherent risk and performance profile

slide-18
SLIDE 18

RELI ABI LI TY | RESI LI ENCE | SECURI TY 18

Prioritized Monitoring 1

1 – 3 Years Higher inherent risk without demonstrated positive performance

2

Higher inherent risk with demonstrated positive performance 2 – 4 Years

3

Moderate inherent risk without demonstrated positive performance 3 – 5 Years

4

Moderate inherent risk with demonstrated positive performance 4 – 6 Years

5

Lower inherent risk without demonstrated positive performance 5 – 7 Years

6

Lower inherent risk with demonstrated positive performance 6 + Years

slide-19
SLIDE 19

RELI ABI LI TY | RESI LI ENCE | SECURI TY 19

Performance I mpact

Category 1

The target monitoring interval for a higher risk entity without demonstrated positive performance is once every 1 – 3 years. A Regional Entity will use one or a combination of the following CMEP Tools:

  • Audit (on or off-site)
  • Self-Certifications
  • Spot Check

Category 2

The target monitoring interval for a higher risk entity with demonstrated positive performance is once every 2 – 4 years. A Regional Entity will use one or a combination of the following CMEP Tools:

  • Audit (on or off-site)
  • Self-Certifications
  • Spot Check
  • Establish target intervals for engagements based off of inherent

risk and performance profile

slide-20
SLIDE 20

RELI ABI LI TY | RESI LI ENCE | SECURI TY 20

Contents of the COP Report

  • 1. Purpose
  • 2. Analysis and Results
  • 3. Oversight Strategy
  • App. A: IRA Results Summary
  • App. B: Standards and

Requirements for Monitoring

Single Report

slide-21
SLIDE 21

RELI ABI LI TY | RESI LI ENCE | SECURI TY 21

  • ERO Enterprise CMEP Business Practice Enhancements
  • Re-evaluate access/possession/retention of entity documents and data
  • Separating CMEP planning, business workflow, and work papers versus

evidence location

  • Proactive and disciplined destruction policy
  • Clarify workflow and work paper documentation expectations
  • Focus of CMEP staff training in 2020
  • April CMEP staff workshop
  • Emphasized during oversight
  • Outreach and training for industry during rollout

Workflow Documentation and Work Paper Enhancements

slide-22
SLIDE 22

RELI ABI LI TY | RESI LI ENCE | SECURI TY 22