Controlling Your Compliance Destiny Through an Internal Compliance Program Solution
 
Introducing the First, Proven, End-to-End Internal Compliance Program Solution
Understanding the elements of an Internal Compliance Program (ICP) is the key to anticipating this regulatory evolution.
Proper implementation and maintenance of an Internal Compliance Program can allow you to get ahead of the "Power Curve" of the regulatory process.
To that end, Certrec offers NERC compliance managers the industry's first, end-to-end Internal Compliance Program solution:

(Click Image to go to Tab)
NERC 693 & CIP AUDIT CHECKUP: A NERC 693 & CIP Audit Checkup is a fast, cost-effective, high level review that helps Entities quickly assess their current state of compliance. Through a sampling, the NERC Audit Checkup identifies audit vulnerabilities and provides recommended actions to help Entities identify any areas of weakness and allow them to focus their resources more effectively on areas that need improvement.
(Click Image to go to Tab)
INTERNAL COMPLIANCE PROGRAM (ICP) ASSESSMENT: An internal compliance program focuses on effective internal controls, incentives to promote compliant behaviors, and the maintenance of a culture of compliance. For NERC Compliance managers who want to quantify the effectiveness of their Internal Compliance Program (ICP), Certrec's Internal Compliance Program Assessment provides evidence of compliance by independently determining your program's adequacy in meeting...

(Click Image to go to Tab)
INTERNAL COMPLIANCE PROGRAM: Registered Entities (RE) are encouraged to implement robust Internal Compliance Programs (ICP) that support reliability on a forward-looking (rather than reactive) basis. RE's that have developed ICPs internally soon realize that they are multi-faceted endeavors - often involving extensive policy and procedure documentation, executive education and oversight, employee training, cross-functional committee participation, maintenance of "living" records, regular communications, and enforcement of NERC Standards and Regional Entity expectations. For NERC compliance managers that wish to quickly deploy a comprehensive compliance program, Certrec offers a proven, end-to-end Internal Compliance Program that is...

(Click Image to go to Tab)
"LIVING" INTERNAL COMPLIANCE PROGRAM (ICP):  Maintaining Internal Compliance programs may be challenging for NERC compliance managers who may lack the expertise, time, or resources necessary to maintain such an in-depth program. Certrec's "Living" Internal Compliance Program is designed to provide the necessary structure, tracking, and training needed to meet regulatory expectations on an ongoing basis. Certrec's highly experienced compliance, audit, and project management specialists ensure that your Internal Compliance Program is...

(Click Image to go to Tab)
"LIVING" RSAW: Reliability Standards Audit Worksheets (RSAW) are used by NERC Compliance Enforcement Authorities (CEAs) to audit Registered Entities. RSAWs are intended to provide a consistent approach to the audit and capture of evidence to substantiate entity compliance for each applicable regulatory requirement. To lessen the difficulty of keeping RSAWs current, Certrec introduces the "Living" RSAW - a web-based solution for creating, managing, and submitting RSAW documentation and evidence in compliance with NERC submission criteria... 
Benchmarking the State of Your 693 & CIP Readiness Ensures No Surprises
A NERC 693 & CIP Audit Checkup is a fast, cost-effective, high level review that helps Entities quickly assess their current state of compliance. Through a sampling, the NERC Audit Checkup identifies audit vulnerabilities and provides recommended actions to help Entities identify any areas of weakness and allow them to focus their resources more effectively on areas that need improvement.
Regional Entities will Audit up to 40% of Registered Entities in 2014
Are you ready?
Certrec's NERC Audit Checkup benchmarks your state of readiness for 693 & CIP audits by examining the critical areas of:

NERC Compliance Implementation

  • Assessment of Management Support and Involvement
  • Assessment of Employee Training
693 & CIP Standards and Requirements
  • Assessment of compliance with Audit Scope standards and sub-requirements
Policies and Procedures Compliance
  • Assessment of written policies and procedures
  • Assessment of documentation maintenance
  • Assessment of effectiveness of Internal Controls
Compliance Evidence
  • Sampling of compliance evidence to ensure that it demonstrates that policies and procedures were followed
  • Sampling the evidence for errors, omissions, and/or areas of possible non-compliance

Certrec's NERC Audit Checkup employs NERC's latest Actively Monitored List of Standards (AML), focusing on the most violated, most risk significant, and recently changed standards and requirements.
The NERC Audit Checkup also identifies audit vulnerabilities and provides recommended actions to ensure there are no audit surprises.
Determine the Adequacy and Effectiveness of Your NERC Internal Compliance Program
An Internal Compliance Program focuses on effective internal controls, incentives to promote compliant behaviors, and the maintenance of a culture of compliance. For NERC Compliance managers who want to determine the effectiveness of their Internal Compliance Program (ICP), Certrec's Internal Compliance Assessment provides evidence of compliance by independently determining your program's adequacy in meeting NERC's CMEP requirements, FERC orders, and Regional Entity expectations.
 
Quickly Understand Your Current State of Compliance, What's Working Well, and Where the Gaps Are
Certrec's common sense approach to NERC assessment quantifies your compliance performance:
Certrec's ICP Assessment Quantifies Compliance Performance
  •  NERC Reliability Standards
  •  Compliance Monitoring and Enforcement Program (CMEP) Requirements
  •  Bulk Electric System Standards (including NPIR)
  •  FERC Orders 693, 706, and Enforcement Guidelines
  •  Regional Entity expectations
  •  Internal Controls and Corrective Actions
  •  Self-Reporting
  •  Results of prior compliance monitoring
  •  What the Registered Entity is doing well vs. performance gaps
  •  State of current RSAWs, Data Submittals, and Compliance Training
  •  Number of violations discovered, investigations, and repeat violations
  •  Results of corrective action programs and mitigation methods
  •  Applicable Compliance Application Notices (CANs) 
 
Certrec's ICP Assessment is conducted by seasoned compliance professionals who have lived the utility culture, understand the workload, technical knowledge, and skills required to operate generation, transmission and distribution facilities, and have managed regulatory compliance programs.

We support small and large Registered Entities, regularly attend Regional Entity meetings, and have conducted numerous Internal Compliance Program Assessments.

Certrec's Internal Compliance Program Assessment quickly and effectively verifies your facilities' state of compliance. It is adaptable to smaller entities as well as flexible enough for multi-site GO/GOPs with distinct characteristics across all locations.
ICP Assessment Sample Report

Cut Through ICP Complexity

Registered Entities (RE) are encouraged to implement robust Internal Compliance Programs (ICP) that comply with electric reliability standards and mandates on a forward-looking (rather than reactive) basis.
However, RE's that have developed ICPs internally soon realize that they are multi-faceted endeavors - often involving extensive policy and procedure documentation, executive education, employee training, cross-functional participation, effective controls, and maintenance of "living" records. Many lack the regulatory experience, compliance process knowledge, program development expertise or time to build and deploy a custom ICP.





 

Take Control of Your Compliance Destiny

Certrec's NERC Internal Compliance Program (ICP) is a systematic approach for meeting internal compliance expectations.
Developed by regulatory compliance experts with deep utility experience, our proven program cuts through the complexity with a complete IC program that demonstrates to NERC and Regional Entities your culture of compliance.

Certrec's Internal Compliance Program includes:
  •  ICP Road Map
  •  Detailed Compliance Policies
  •  Standardized Procedure Templates
  •  Corrective Action and Self-Reporting Procedures
  •  Compliance Awareness and Training
  •  Instructional Materials
  •  Program Communication Templates
  •  RSAW Procedures
  •  Self-Certification Procedures

Also included are Certrec's web-based compliance tools that help manage your ICP in real time, anywhere/anytime.
Relieved of having to build an ICP "from scratch", Registered Entities can take control of their compliance destiny, confident that all the bases are covered.

Ensure that Your Internal Compliance Program is Current, Compliant, and Efficiently Managed with Certrec's "Living" ICP


An Internal Compliance Program is critical for Registered Entities seeking to demonstrate compliance with FERC, NERC, and Regional Entity standards and expectations.

However, maintaining Internal Compliance Programs may be challenging for NERC compliance managers who may lack the expertise, time, or resources necessary to maintain such an in-depth program.

To supplement limited resources and knowledge, NERC compliance managers are choosing Certrec's "Living" Internal Compliance Program - a complete solution for maintaining NERC and Regional Entity compliance.

"Living" Internal Compliance Program
Certrec's "Living" Internal Compliance Program is designed to provide the necessary structure, tracking, and training needed to meet regulatory expectations on an on-going basis. Certrec's highly experienced compliance, audit, and project management specialists ensure that your Internal Compliance Program is current, compliant, and managed efficiently by providing:
  •  Program Management and Oversight
  •  Monitoring of Changing Standards and Requirements
  •  Maintenance of "Living" Compliance Program
    • Monitor and Address NERC Reliability Standard and Program Changes
    • Update, Manage, and Control Documents
    • Maintain Required Evidence
    • Conduct Periodic Compliance Culture Evaluations
    • Provide On-going Compliance Training
    • Ensure COSO-Based Internal Controls
    • Maintain a "Living" RSAW
    • Manage Corrective Action Program
    • Support Management of Self-Assessment and Self-Reporting
    • Administer Implementation Effectiveness Review
  •  NERC Audit Support
    • Audit Preparation Support
    • Conduct Mock Audits
    • Provide Direct Audit Support
    • Develop and Manage Mitigation Plans
Continuous Internal Compliance Made Easy Through "Living" RSAWs

What are the Challenges of Maintaining
Audit-Ready RSAWs?


  •  NERC audits demand specific documentation that is often not current
  •  Keeping up with changing NERC standards, requirements, and RSAW formats is challenging - often too much information
  •  Compliance managers are often time and resource contrained
  •  Managers may lack expertise with RSAW processes and procedures
  •  Evidence files are in varying formats and maintained by multiple owners in traditional file folders
  •  Documentation often lacks links to standards and requirements
  •  Manual, labor-intensive "cut and paste" methods are often employed to maintain the RSAW
  •  RSAW package submittal requirements are challenging

NERC Compliance Enforcement Authorities (CEAs) use Reliability Standard Audit Worksheets (RSAWs) to determine whether Registered Entities have sufficient evidence to support compliance with applicable reliability standards and requirements, to identify non-compliances (potential violations), and to issue sanctions.

Regulatory audits of Registered Entities are typically 3 or more years apart. Often RSAWs are created and updated just prior to the audit by compliance personnel that are already time and resource constrained. A lack of knowledge and experience with RSAW compliance requirements and processes are common - along with trying to keep up with ever-changing NERC standards, requirements, and guidance.

Continuous Compliance with Certrec's "Living" RSAW Solution

To remediate RSAW challenges, Certrec, a regulatory compliance expert, introduces the "Living" RSAW - a web-based solution for creating, managing, and submitting RSAW documentation and evidence in compliance with NERC submission criteria. The "Living" RSAW also allows NERC compliance managers to keep completed RSAWs up-to-date with ever-changing NERC standards, requirements, and guidance.

Certrec's "Living" RSAW quickly cuts through the complexity of managing RSAWs with a template-based solution pre-loaded with regulatory standards, requirements, expectations and criteria (NERC, Regional Entity, ISO, and RTO), and compliance narratives.

 
Certrec's "Living" RSAW Solution
Includes One-Click, Auto-Generated Submittal Package

What also makes the "Living" RSAW unique is that the Registered Entity's policies, procedures, evidence files, and life-cycle changes are relationally linked to the applicable NERC standards and requirements within the RSAW - as well as Regional Entity, ISO, and RTO requirements, criteria, and expectations.

Of significant benefit is the inclusion of "One-Click" RSAW package submittals - a web-based tool that gives compliance managers the ability to submit self-audit or regulatory audit RSAW packages with the click of a mouse.

The "Living" RSAW allows NERC compliance managers to easily keep completed RSAWs up-to-date with ever-changing NERC standards, requirements, guidance, and life-cycle changes. Changes made to the NERC and Regional Entity standards do not significantly impact the "Living" RSAW, as Certrec updates the appropriate information as changes are published.