audit & compliance tips jagan mandavilli senior compliance engineer
TRANSCRIPT
Audit & ComplianceTips
Jagan MandavilliSenior Compliance Engineer
2
Lessons Learned
● Sabotage Reporting (CIP-001-2a) Contractor produces procedure Ensure operating personnel are aware of
procedures and maintain documentation of awareness• Training records• Emails
Entities do not need to “establish communications contacts” with the FBI
Entity should include a valid local FBI number in contact list, based on NERC guidance
Auditors verify the FBI contact number
NSRSJanuary 9, 2013
3
Lessons Learned
● Protection Systems (PRC-005-1.1b) An entity is responsible for demonstrating compliance
for any portion of a protection system it owns. If your entity has a Coordinated Functional Registration
(CFR) or Joint Registration Organization (JRO), let Texas RE know.
Automatic Voltage Regulator (AVR) equipment is included in Generation Control, not the Generation Protection System. Therefore, no need to self-report under PRC-005 if the equipment was not included in maintenance and testing of the Generation Protection System.
NSRSJanuary 9, 2013
4
Lessons Learned
System Conditions
System Controls
Trans Protection
Turbine / Boiler
Controls
Gen Controls
Gen Protection PRC-001 Coordination
PRC-005 PRC-005
PRC-
019
Coor
dina
tion
NSRSJanuary 9, 2013
5
Lessons Learned
● Protection Systems (PRC-005-1.1b) Entity provides a listing of the sources for each
basis Provide actual source documents such as:
• Manufacturer’s maintenance procedures (O&M Manuals)
• IEEE references (and associated calculations)• NERC Protection System Maintenance (Technical
Reference)• Other authoritative documentation (studies based on
history)
NSRSJanuary 9, 2013
6
Lessons Learned
● Generating real and reactive capability verification (TOP-002-2a, R13) Net leading and lagging reactive capability testing is performed
every 2 years. The entity completes the ERCOT Operating Guides Section 8,
Attachment D, Seasonal Unit Net Real Power Capability Verification Form, and submits its to the Qualified Scheduling Entity (QSE) to be uploaded into ERCOT’s Net Dependable Capability and Reactive Capability (NDCRC) in the Market Information System (MIS).
Auditors have accepted this form as evidence of performing the test.
Data fields for including weather, water conditions, fuel quality, or fuel quantity are not provided on the form.
NSRSJanuary 9, 2013
7
Lessons Learned
● Differences in Derived Limits (IRO-005-3a, R10) Operate the Bulk Electric System to the most
limiting parameter. Evidence could include following a directive from
ERCOT or a Local Transmission Operator (TOP) where there was an instance of differences in derived limits.
NSRSJanuary 9, 2013
8
Lessons Learned
● Registered Entity Responsibility is responsible for all the functions (CIP and 693)
performed by contractors or agents is responsible for providing all evidence including
procedures and records of work performed by contractors or agents
QSE = Contractor or Agent
● Facility Ratings Generally, this should include all equipment up to
the point of interconnection• Interconnection agreement• Diagrams
NSRSJanuary 9, 2013
9
Audit Update
● 2013 Audit Schedule Posted COMPLIANCE>Compliance Audit>Audit Schedule http
://www.texasre.org/compliance/audit/schedule/Pages/Default.aspx
● Audit Scope Actively Monitored List
• Tier 1• Tier 2• Tier 3
NSRSJanuary 9, 2013
10
Audit Update
● Year 2013 If previously audited or spot checked in most
cases, current in-force document is adequate• Previous audit or spot checked is the book-end
New Revisions to existing standards• Only need to provide evidence for the current
enforceable standard.• Auditors will use their judgment on whether to look at
evidence of previous versions.
NSRSJanuary 9, 2013
11
FTP Site
● Texas RE has established its FTP site to provide a secure method of exchanging large amounts information between registered entities and Texas RE.
● Primary use: Request for Information (RFI) Event Analysis Compliance Investigations Audits Spot checks
● The FTP site uses SSL (Secure Sockets Layer) that allows upload and download of information through an encrypted session.
NSRSJanuary 9, 2013
12
CONTACT INFORMATION [email protected]
(512) 583-4944
You may also submit questions to [email protected].
NSRSJanuary 9, 2013