forward together • reliabilityfirst
TRANSCRIPT
Forward Together • ReliabilityFirst
Paradigm Shift from Compliance to Risk
Denise HunterCleveland, OH
Forward Together • ReliabilityFirst
Goal
Understand RF internal control review expectations and learn to craft an Internal Control program.
3
Forward Together • ReliabilityFirst
Current Situation
Compliance based
Unsure of expectations
How do I start?
How much is too much?
4
Forward Together • ReliabilityFirst
Agenda Topics
Compliance oversight in the new paradigm
Internal Controls System Overview
Crafting an Internal Control
Reviewing EMS controls
Next Steps
5
Forward Together • ReliabilityFirst
Audience Benefits
Insight to future oversight expectations
Better understanding of Internal Controls System
Jump start Internal Control program
Focus on controls to reduce EMS outages
6
Forward Together • ReliabilityFirst
RF Controls Review
Culture of Compliance
Segregation of Duties
Documentation
Internal Audits
7
Forward Together • ReliabilityFirst
RF Controls Review
Access processes
Analysis activities
Asset management
Change management
Contract (3rd Party) management
Incident management
8
Integration activities
Validation processes
Verification processes
Independent reviews
Components/inventory management
Implementation controls
Forward Together • ReliabilityFirst
Internal Controls
Internal controls are those activities that we perform to ensure that what we want to happen will happen
And the things we don’t want to happen…
won’t happen
9
Forward Together • ReliabilityFirst
Internal Control Program Components
Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
10
Forward Together • ReliabilityFirst
Types of Internal Controls
Preventative Controls• Segregation of Duties
• Approvals
• Authorizations
• Verifications
• Asset Management (could also be detective)
11
Forward Together • ReliabilityFirst
Types of Internal Controls
Detective Controls• Reviews• Reconciliation• Audits
12
Forward Together • ReliabilityFirst
Types of Internal Controls
Corrective Controls• Data backups• Data Validation controls• Variance controls• Training• Procedure manuals
13
Forward Together • ReliabilityFirst
Crafting an Internal Control
1) Name• What activity are you performing? • Develop a description of the activity.
2) Boundaries• What triggers the activity?• How do you know when it’s completed?
14
Forward Together • ReliabilityFirst
Crafting an Internal Control
3) Outputs• What does the activity produce?
4) Inputs• What’s needed to perform the process?• Where does that information come from?
15
Forward Together • ReliabilityFirst
Crafting an Internal Control
5) Process Activities• Brainstorm the activities
6) Organize Activities• Sequence activities in Step 5• Identify Key and Non Key
16
Forward Together • ReliabilityFirst
Crafting an Internal Control
7) Review• First quality check• Appear complete based on Step 2?
8) Roles• Position that performs activity• Ensure each activity is assigned
17
Forward Together • ReliabilityFirst
Crafting an Internal Control
9) Transcribe• Document process
10) Final Review• Final review by all participants• Walk thru to ensure completeness
18
Forward Together • ReliabilityFirst
Example – Employee Pay
Name: Pay Employees
Boundaries: Work one week, obtain paycheck or automatic deposit
Outputs: Check or stub, payroll report, updated employee records (PTO, etc)
Inputs: Time cards
Activities: Completed/Verified EE timecards, time cards delivered to Payroll, PTO records updated, data entered into payroll processor, checks/stubs delivered to EE, completed payroll report generated
Roles: Employee, Supervisor, Payroll Mgr, Payroll assistant
19
Forward Together • ReliabilityFirst
Transcribed : Swim Lane Format
20
Forward Together • ReliabilityFirst
Review of EMS Internal Controls
Lessons Learned: State Estimator Outages Requiring Tuning/Calibrating EMS Settings• Additional analysis determined settings were original• Settings were chosen based on size and coverage, and to meet needs based on
configuration, topology, contingencies, and external modeling.• Topology changes over course of time (updates to external model, generation
changes: influx of renewables retirement of fossil fuel generators, new incoming ICCP points, sub-transmission data points, etc.)
21
Forward Together • ReliabilityFirst
Possible EMS Internal Control : Change Management
Control Should Include:1. Plan to identify when changes could negatively effect operations, for example:
‒ Model changes‒ Generation retirements‒ Software upgrades
2. Formal change approval process‒ Standardized form‒ Requests recorded and tracked‒ Assessed based on projected effect to operations
22
Forward Together • ReliabilityFirst
Change Management Control, cont.
3. Developed Implementation program‒ Identify possible interruptions to operations‒ Establish proper coordination with internal/external stakeholders
4. Monitor Changes‒ Ensure they are producing desired outcome/effect
5. Document Changes‒ Documentation follows trail from conception to monitoring
6. Defined Emergency Change Process‒ Established/defined process for emergency changes
23
Forward Together • ReliabilityFirst
Other Possible Controls
Independent reviews• Periodic review of settings/parameters to ensure SE continues to converge and
produce quality solutions
Incident management• Documented incident models, templates• Categorization of incident types (improve data gathering and problem mgmt.)
Validation Controls• Defined methodology and criteria
24
Forward Together • ReliabilityFirst
Conclusion
25
Agenda Topics Compliance Oversight in the
new paradigm
Internal Controls System Overview
Crafting an Internal Control
Reviewing EMS controls
Audience benefits Insight to future oversight
expectations
Better understanding of Internal Controls
Jump start Internal Control program
Focus on controls to reduce EMS outages
Forward Together • ReliabilityFirst
Next Steps
Begin identifying Internal Controls
Designate a person/team
Track progress
26
Forward Together • ReliabilityFirst
Questions & AnswersForward Together ReliabilityFirst