AICPA SOC Service Organizations - Certrec

Inadequate Configuration Management/Lack of Design Control Results in $192,000 Penalty for Violations of FAC-008-3

Summary of NERC Penalties


Compliance Area




Penalty Amount


FAC-008-3, R6 and FAC-008-3, R8

Oncor Electric Delivery Company LLC

Quarter 1, 2022

Failure of Internal Controls


During a Compliance Audit, Texas RE determined that Oncor Electric Delivery Company LLC (Oncor), as a Transmission Owner (TO), was in noncompliance with FAC-008-3, R6. Specifically, Oncor Facilities had Facilities Ratings that were inconsistent with its associated Facility Ratings methodology. During the Compliance Audit, the audit team reviewed spreadsheets that represented weekly reviews of Facility Ratings performed by Oncor staff. The audit team compared these Ratings to ERCOT Independent System Operator (ERCOT) Model Ratings for the same Facilities and period and noted that some ratings were either higher or lower than the ERCOT Model Ratings. Based on this evidence, the audit team reviewed 199 Oncor Facilities for the period between the previous audit, February 25, 2016, and the time of the current audit. In its review, the audit team noted 22 instances in which Oncor field verifications identified Facility Ratings that altered the Facility’s most limiting applicable Equipment Rating. As such, Oncor’s resulting Facility Ratings for these 22 Facilities were inconsistent with its Facility Rating methodology. This violation resulted in a penalty of $192,000 (NOTE: This violation was combined with another FAC-008 violation.) The root cause of the noncompliance was a failure of internal controls. In particular, Oncor lacked sufficient processes to track and timely reflect equipment ratings changes in its internal Facility Ratings documentation.

Additional Discussion:

Second Example

A second FAC-008 violation was combined with this example for a penalty of $192,000. This second example is as follows.

During a Compliance Audit, Texas RE determined that Oncor Electric Delivery Company LLC (Oncor), as a Transmission Owner (TO), was in noncompliance with FAC-008-3, R8. Specifically, Oncor did not provide accurate and timely Facility Ratings data to its associated Reliability Coordinator, ERCOT.

During the Compliance Audit, the audit team took judgmental samples from a list of Network Operations Model Change Requests (NOMCRs) submitted by Oncor to ERCOT focusing mainly on new and upgraded 138kV and 345kV projects. Based on this review, the audit team identified a number of mismatches between ERCOT model information and information in Oncor’s internal record system. In particular, the audit team identified 29 Facilities for which the Facility Ratings provided to ERCOT differed from the Facility Ratings in Oncor’s internal record system. For 22 Facilities at issue, Oncor detected the Facility Ratings issues during a field verification process, which required Oncor to update both its internal records, as well as the Facility Ratings it had previously provided to ERCOT. For seven additional Facilities, Oncor did not provide the correct Facility Ratings from its internal Facility Rating records to ERCOT as required. Because of the nature of its Facility Rating submission issues, Oncor could not provide documentation when its Facility Rating submissions began. Oncor’s Facility Ratings issues lasted until July 12, 2017, when Oncor submitted the final NOMCR to correct the last erroneous Facility Rating submission at issue.

The root cause of the noncompliance was a failure of internal controls. Oncor possessed a process to perform a weekly comparison between Oncor Facility Ratings and the corresponding Facility Ratings set forth in the ERCOT Network Operations Model, a mitigation tool Oncor put into place as a result of the previous audit. However, in implementing this tool, Oncor did not develop sufficient procedures to ensure it timely submitted Facility Rating changes to address identified discrepancies, including discrepancies identified in Oncor’s field verifications.


  • Texas RE reviewed Oncor’s internal compliance program (ICP) and considered it to be a neutral factor in the penalty determination.
  • Texas RE considered Oncor’s IRO-010-1a R3 compliance history in determining the penalty and disposition track for this violation and determined it to be an aggravating factor.
    •  In TRE2016015568, during a previous Compliance Audit conducted February 1, 2016 through February 25, 2016, Texas RE determined that Oncor was in violation of IRO-010-1a, R3. Oncor failed to provide ERCOT with accurate data regarding the Ratings for 10 of its Facilities for the period of October 1, 2011 (the enforceable date for IRO-010-1a) through May 18, 2016. The incorrect ratings in Oncor’s Transmission Management System (TMS) were telemetered to ERCOT via ICCP.

About Certrec:
Certrec is a leading provider of regulatory compliance solutions for the energy industry with the mission of helping ensure a stable, reliable, bulk electric supply. Since 1988, Certrec’s SaaS applications and consulting expertise have helped hundreds of power-generating facilities manage their regulatory compliance and reduce their risks.

Certrec’s engineers and business teams bring a cumulative 1,500 years of working experience in regulatory areas of compliance, engineering, and operations, including nuclear, fossil, solar, wind facilities, and other Registered Entities generation and transmission.

Certrec has helped more than 120 generating facilities establish and maintain NERC Compliance Programs. We manage the entire NERC compliance program for 60+ registered entities in the US and Canada that trust us to decrease their regulatory and reputational risk. Certrec is ISO/IEC 27001:2013 certified and has successfully completed annual SOC 2 Type 2 examinations.

For press and media inquiries, please contact