Internal Control Design and Implementation Minimizes Risks to Your Operation
Undertaking Risk Assessment – Determining Proactive Internal Control
January 31, 2022
How the NERC Deals with Violations
February 14, 2022
What are internal controls and why do they matter?
Asset managers shoulder a lot of weight to keep their entities running smoothly. And while some may see internal controls as things accountants and auditors need to be worried about, a well-designed internal controls program is necessary for your entity to achieve its operational, strategic, compliance, and reporting objectives.
In fact, managers at all levels of the organization are responsible for ensuring that internal controls are set up, followed, and reviewed regularly because internal controls relate to every aspect of maintaining a reliable, resilient, secure grid.
In designing an effective system of internal controls, organization management first should
consider their objectives and goals and the associated risks, especially to the Bulk Power
System. An optimal internal controls system will have both preventative and detective elements.
Preventative controls identify and address risks to compliance issues before they can be
impactful. Detective controls find errors after they have occurred. Also, detective controls will
help determine whether preventative controls are functioning properly. When controls find errors
or undesired outcomes, management must act to remedy the situation and implement corrective
measures to prevent them from happening again.
All controls will require appropriate training, communication, and oversight by management to
ensure they are implemented properly and are operating consistently. Depending on their
functions and risks, control activities may be designed to operate at different frequencies, and
more frequent controls may be needed for higher-risk processes or functions.
No matter how well designed and operated, internal controls can provide only reasonable—not
absolute—assurance that objectives will be met. People are at the foundation of what makes
internal controls work. The responsibility for good internal controls ultimately rests with
leadership, but all employees play important roles.
The takeaway:
A well designed internal controls program uses a risk-informed approach to prevent problems and to provide early detection of potential threats to the organization’s compliance and operational risk profile. Effective internal controls provide a high level of assurance that compliance obligations will be met and that impacts to operations will be minimized.
What can you do?
Ask yourself the following:
- How do you know what risk your organization poses to the Bulk Electric System?
- How are you mitigating those risks?
- How do you know you are compliant?
- How do you tell your organization that you know you are compliant?
- How would you know if the organization was not compliant, and how would you fix it?
Organizational compliance lies in your ability to consistently implement, distribute, and monitor
your policies, procedures, and processes and to ensure your employees understand and
implement them. You simply cannot be fully compliant with regulations if your employees do not
follow your policies, procedures, and processes.
In our next blog, we discuss how monitoring your internal controls adds value to your utility
compliance.
