Audit & ComplianceTips

Jagan MandavilliSenior Compliance Engineer

2

Lessons Learned

● Sabotage Reporting (CIP-001-2a) Contractor produces procedure Ensure operating personnel are aware of

procedures and maintain documentation of awareness• Training records• Emails

Entities do not need to “establish communications contacts” with the FBI

Entity should include a valid local FBI number in contact list, based on NERC guidance

Auditors verify the FBI contact number

NSRSJanuary 9, 2013

3

Lessons Learned

● Protection Systems (PRC-005-1.1b) An entity is responsible for demonstrating compliance

for any portion of a protection system it owns. If your entity has a Coordinated Functional Registration

(CFR) or Joint Registration Organization (JRO), let Texas RE know.

Automatic Voltage Regulator (AVR) equipment is included in Generation Control, not the Generation Protection System. Therefore, no need to self-report under PRC-005 if the equipment was not included in maintenance and testing of the Generation Protection System.

NSRSJanuary 9, 2013

4

Lessons Learned

System Conditions

System Controls

Trans Protection

Turbine / Boiler

Controls

Gen Controls

Gen Protection PRC-001 Coordination

PRC-005 PRC-005

PRC-

019

Coor

dina

tion

NSRSJanuary 9, 2013

5

Lessons Learned

● Protection Systems (PRC-005-1.1b) Entity provides a listing of the sources for each

basis Provide actual source documents such as:

• Manufacturer’s maintenance procedures (O&M Manuals)

• IEEE references (and associated calculations)• NERC Protection System Maintenance (Technical

Reference)• Other authoritative documentation (studies based on

history)

NSRSJanuary 9, 2013

6

Lessons Learned

● Generating real and reactive capability verification (TOP-002-2a, R13) Net leading and lagging reactive capability testing is performed

every 2 years. The entity completes the ERCOT Operating Guides Section 8,

Attachment D, Seasonal Unit Net Real Power Capability Verification Form, and submits its to the Qualified Scheduling Entity (QSE) to be uploaded into ERCOT’s Net Dependable Capability and Reactive Capability (NDCRC) in the Market Information System (MIS).

Auditors have accepted this form as evidence of performing the test.

Data fields for including weather, water conditions, fuel quality, or fuel quantity are not provided on the form.

NSRSJanuary 9, 2013

7

Lessons Learned

● Differences in Derived Limits (IRO-005-3a, R10) Operate the Bulk Electric System to the most

limiting parameter. Evidence could include following a directive from

ERCOT or a Local Transmission Operator (TOP) where there was an instance of differences in derived limits.

NSRSJanuary 9, 2013

8

Lessons Learned

● Registered Entity Responsibility is responsible for all the functions (CIP and 693)

performed by contractors or agents is responsible for providing all evidence including

procedures and records of work performed by contractors or agents

QSE = Contractor or Agent

● Facility Ratings Generally, this should include all equipment up to

the point of interconnection• Interconnection agreement• Diagrams

NSRSJanuary 9, 2013

9

Audit Update

● 2013 Audit Schedule Posted COMPLIANCE>Compliance Audit>Audit Schedule http

://www.texasre.org/compliance/audit/schedule/Pages/Default.aspx

● Audit Scope Actively Monitored List

• Tier 1• Tier 2• Tier 3

NSRSJanuary 9, 2013

10

Audit Update

● Year 2013 If previously audited or spot checked in most

cases, current in-force document is adequate• Previous audit or spot checked is the book-end

New Revisions to existing standards• Only need to provide evidence for the current

enforceable standard.• Auditors will use their judgment on whether to look at

evidence of previous versions.

NSRSJanuary 9, 2013

11

FTP Site

● Texas RE has established its FTP site to provide a secure method of exchanging large amounts information between registered entities and Texas RE.

● Primary use: Request for Information (RFI) Event Analysis Compliance Investigations Audits Spot checks

● The FTP site uses SSL (Secure Sockets Layer) that allows upload and download of information through an encrypted session.

NSRSJanuary 9, 2013

12

CONTACT INFORMATION JEFF.WHITMER@TEXASRE.ORG

(512) 583-4944

You may also submit questions to information@texasre.org.

NSRSJanuary 9, 2013