Facility owners and managers know that risk assessment is one of the key elements of a successful internal controls program. Compliance managers who take a proactive stance toward identifying, prioritizing, and mitigating risks are best positioned to meet their entity’s operational, compliance, and reporting objectives.
The best place to start is by determining areas that may lead to noncompliance with NERC Reliability Standards and Requirements. These areas are not only risks to your business but could also impact the bulk power system.
One tool that can help you make these determinations is PFMEA – Process Failure Mode Evaluation and Analysis. When applied to the requirement-specific language of the NERC Standards, PFMEA reveals the risks from failing to meet the requirements. A great example of how PFMEA can be applied to your entity can be found in an interesting article published by the Western Electricity Coordinating Council (WECC), titled “Risk Assessment Concepts for Internal Controls.”
As you consider identifying, prioritizing, and mitigating your risks, start with these questions:
Compliance managers need to be ever mindful of conformance to NERC Standards and Requirements when assessing risk. A tool such as Process Failure Mode Evaluation and Analysis (PFMEA) is useful for proactively evaluating weaknesses that could lead to noncompliance.
In our next blog, we will discuss the design and implementation of internal controls.