Evaluate Internal Controls for Assurance of NERC Compliance
March 14, 2022Corrective Action Management—a Vital Tool for NERC Compliance
April 11, 2022
Do you have a solid compliance culture?
The importance of senior management in building a solid compliance culture within a company cannot be overstated. Even the best compliance program will fail unless top management actively embraces compliance and sets the norm for proactive compliant conduct. Developing and maintaining a strong and ongoing culture of compliance is a key undertaking for any organization subject to NERC regulations, and senior management bears primary responsibility for creating such a culture.
How do you measure up?
Each company’s circumstances are unique. Smaller companies have more limited resources. There is no template nor one-size-fits-all compliance program. Management must analyze their regulatory risks, create an appropriate combination of measures to ensure ongoing compliance, and determine the optimum investment to make in compliance measures in light of its resources and risks.
How do you instill a culture of compliance?
In addition to providing adequate funds and resources, there are some common steps
that senior management can take to instill a culture of compliance.
- Ensure designated compliance personnel are actively included in the
development of business initiatives.
- Engage in systematic and effective preventive measures, such as careful hiring,
training, accountability, and supervision.
- Communicate commitment to compliance to employees frequently, both formally
and informally.
- Encourage employees to raise questions and to obtain the views of supervisors
or designated compliance personnel.
- Provide tools and training sufficient to enable employees to comply with
regulatory requirements.
- Establish systems and protocols for monitoring, identifying, and correcting
possible violations.
- Set aside necessary time to address compliance issues as they arise.
- Take prompt action to correct any activity that produces a violation.
- Address misconduct situations promptly.
The takeaway:
Your company’s commitment to compliance needs to include a program with effective
compliance accountability as well as periodic review of the program’s effectiveness.
Why is a compliance-centric culture important?
While an aggressive compliance program and strong direction by senior management to
search out and report regulatory compliance issues may result in an increase of self-
reported violations, over time the successful implementation of such a program should
result in fewer violations.
Where there is evidence that the company has adopted effective preventive measures
with the appropriate accountability and review mechanisms, penalties for any
noncompliance may be reduced or negated.
What can you do to demonstrate commitment to compliance?
- Establish a well-documented, formal program for internal compliance, and
disseminate it widely within the company.
- Ensure the program is supervised by an officer or other high-ranking official.
- Enable the compliance official to report to or have independent access to the
chief executive officer and/or the board of directors.
- Ensure the program is operated and managed so as to be independent.
- Dedicate sufficient resources to the compliance program.
- Guarantee that compliance is fully supported by senior management (e.g., Is
senior management actively involved in compliance efforts? Do company policies
regarding compensation, promotion, and disciplinary action take into account the
relevant employees’ compliance with regulations and the reporting of any
violations?).
Review and modify the compliance program frequently.
- Provide sufficiently detailed, frequent, and thorough training to all relevant employees to instill an understanding of relevant rules and the importance of compliance.
- Establish an ongoing process for auditing compliance with Commission regulations.
- Respond to wrongdoing through disciplinary action against employees involved in violations, and adopt and ensure enforcement of new and more effective internal controls and procedures to prevent a recurrence of misconduct.
In addition, these actions make preventive measures more effective, encourage detection and reporting of violations, and should lead to prompt and effective remediation of violations.