1

Compliance Management Tool –

Tracking and Reporting Methods 

OG&E Service Territory

2

OG&E Transmission System

• Interconnections – 63• Circuit Miles – 5,052 miles

OG&E Load and Generation

• 7057 MW Peak load (Aug 2011)• 7,386 MW Generation

o 840 MW Wind

3

Overview Developing and Implementing a consistent

Compliance Model

Fitting Compliance Requirements into the Model

Establishing Clear Accountability Guidelines

Documenting & Tracking Compliance

Compliance Reporting

6

Compliance Model

Compliance Policy

Compliance  Committee

Compliance Monitoring

Compliance Assurance

Operational Compliance

Compliance Model

4

Compliance Model

7Attorney Work Product

DRAFT

Governance

Assurance

Operations

Compliance Model

Governance

Assurance

Operations

8Attorney Work Product

DRAFT

Internal Perspective• Tone at the Top / Executive Responsibility

• Compliance Documentation

• Audits / Assessments

• Performance Measurement

External Perspective• New and Changing Regulation Identification

• Regulatory Communication

• Audit Defense

5

Compliance Model

9Attorney Work Product

DRAFT

Assurance

•Reviews evidence of compliance completed by operations personnel

•Conducts internal compliance reviews / audits

•Maintains an audit‐ready condition for external audits

•Provides training and process support 

Governance

Assurance

Operations

Compliance Model

10Attorney Work Product

DRAFT

Operations

•Understand compliance obligations in their area of responsibility

• Incorporate compliance into daily tasks

•Prepare evidence to document compliance

•Serve as Subject Matter Experts during external audits

Governance

Assurance

Operations

6

Compliance Monitoring Program 

Designed to help the company identify all of its obligations, assign responsibility for completion, track progress, and document completion in an effort to ensure adherence to various legal and regulatory requirements.

Compliance Management Tool (CMT)

• An electronic tool designed to facilitate the Compliance Monitoring Program.

• A systematic inventory of all significant regulatory deadlines and obligations

7

Compliance Event

• An objective that must be met by the Company in order for the Company to remain in compliance with or adhere to regulatory deadlines.

• Compliance Events include:o Documentation that the Company must prepare

to show compliance with a regulatory requirement

o Tasks that a regulatory body requires the Company to complete

Compliance EventsExamples of Compliance Events include :

1. NERC Reliability Requirements.2. Regulatory filings (FERC, Oklahoma, Arkansas, etc.)3. Insurance renewals4. SEC filings5. Tax filings, property tax payments, and amended

federal and state income tax returns6. Board of Director’s reports7. Environmental requirements8. Debt compliance filings9. Franchise agreement renewals

8

What information is collected?See

Handout

Event Description

• Should be written so that individuals unfamiliar with the particular event can understand the significance of the event and what needs to be done to ensure compliance.

• Sufficient detail, including applicable statute, rule, etc., to explain why the event is critical to the effectiveness of the CMT.

9

Event Name• Family is the highest level of association for

Compliance Events, usually a Regulatory body. An example of a Compliance Event Family is “FERC”.

• Category - This is usually an Business Unit or Department name, but can be an area within a department. An example of a Compliance Event Category is “Risk”.

• Group - This is usually the classification in which the report falls or the actual name of a report. An example of a Compliance Event Group is “Standards of Conduct”.

Compliance Deadline

Every event must have a deadline date.

Deadline date categorieso Specific date defined by the regulator (Annual Self-

Certification)o Recurring/Periodic (annual training)

• Recurring Compliance Events are automatically scheduled for future compliance periods

10

Internal Due Date vs. Deadline Date

• Internal Due Date: Date by which the Compliance Event should be completed in advance of the Deadline Date.

• Deadline Date: The date that the compliance event deadline is actually due per the regulation. It is critical that this date be accurate.

Noncompliance RiskIncludes Probability and Impact of both Reputation and Financial/Monetary Impact

o High o Medium o Low

Event DurationTime required to complete the event

o Short - less than one week o Medium - less than one montho Long - more than one month

Risk and Timing

11

Compliance Roles• Responsible Executive (RE): ensure all events that reside

in their department are submitted and updated.• Responsible Member (RM): verify and approve that an

event is complete and that proper evidence associated with the event is attached in the CMT.

• Accountable Member (AM): upload evidence associated with an event into the CMT and mark the event complete. AMs do not approve an event.

• Compliance Coordinator (CC): work with the RMs and AMs to ensure that the evidence provided to show compliance is adequate.

Responsibility Structure

REResponsible Executive

RMResponsible Member

AM

Accountable 

Member

AM

Accountable 

Member

AM

Accountable 

Member

CC

Compliance 

Coordinator

12

Compliance Roles ‐ Example

• PER-005 R1 – Systematic approach to training• RE is the VP Utility Technical Support• RM is the Sr. Manager of Transmission Operations• AM is the Transmission Ops Coordinator• Compliance Coordinators are Utility Operations

Compliance Analysts

Compliance Model

24Attorney Work Product

DRAFT

Assurance

•Reviews evidence of compliance completed by operations personnel

•Conducts internal compliance reviews / audits

•Maintains an audit‐ready condition for external audits

•Provides training and process support 

Governance

Assurance

Operations

13

Compliance Model ‐Assurance Examples

25Attorney Work Product

DRAFT

Utility Operations Compliance

Power Supply

Power Delivery

Information Technology

HR

NERC

Governance

Assurance

Operations

Assurance Examples

26Attorney Work Product

DRAFT

Corp Environmental

Power Supply Power Delivery Facilities

EPA

Governance

Assurance

Operations

14

Assurance Examples

27Attorney Work Product

DRAFT

Employee Relations / Compliance

HR Recruiting HR Operations

EEOC

Governance

Assurance

Operations

Assurance Examples

28Attorney Work Product

DRAFT

Controller

AccountingSEC 

Reporting

Internal Audit

IRS / SEC

Governance

Assurance

Operations

15

Access & Event Modifications

• REs, RMs AMs, and CCs are not able to add, modify, or delete events, roles, or deadlines directly in the CMT.

• Changes must be submitted to the Compliance Department with the applicable approvals.

• RE approval is required for significant changes to events, including:

• CE deadlines, • RE & RM changes • Deletion of a Compliance event

Alerts

Key component of the CMT

• An IT workflow runs each evening and automatically sends alerts via e-mail to the applicable REs, RMs, and AMs based on:

• Time remaining to comply with the deadline• Completion status of the event• Event Duration

16

Compliance Alert & Escalation Matrix

CE Duration Alert Escalation

Short 7 days out if 0% complete 1 day out if not 100%  Complete

5 days out if 25% complete

3 days out if 50% complete

1 day out if 75% complete

Medium 21 days out if 0% complete 3 days out if not 100% complete

14 days out if 25% complete

7 days out if 50% complete

5 days out if 75% complete

Long 45 days out if 0% complete 5 days out and not 100% complete

30 days out if 25% complete

15 days out if 50% complete

7 days out if 75% complete

Types of CMT Alerts

• Internal Due Date

• Alert - Potential Non-Compliance

• 100% Complete & NOT Approved

• Escalation Notice

• Past Due

17

• Escalation Notice - Final QuartileThe Compliance Event listed below with a deadline of 1/15/2015 12:00:00 AM is nearing its due date and its status shows it is less than 100% complete. Please address this issue immediately and contact the compliance office to discuss the resolution of this situation. If the system is in error, please provide that information to the compliance office as well.

Responsible Member is: Member Name displays here

CE Descriptor: Brief Description of event displays here

Event Name – linked to CMT

Notice: This message contains confidential information and links to confidential information. It is intended for the designated addressees only. Do not disseminate, distribute, or copy this email. If you received this email by mistake, please notify the sender immediately and delete this email from your system.

Evidence of Compliance• Each compliance event requires evidence be

uploaded into the CMT and retained for audit purposes.

• An event is not 100% complete until evidence has been attached for that event documenting compliance.

• Examples of evidence:o The report that was filed with the regulatory agencyo A screenshot of the current status of an itemo Affidavit/attestation indicating that some action has been

taken or a predicating event has not occurred during the compliance period.

18

Resources Available

CMP

CMT Training Manual

Compliance Events –Initial Identification

• Meetings with Business Unit Management

• Involve the employees who are doing the work (Subject Matter Experts)

• Get specific

19

Continuous Monitoring 

Annual Business Unit Assessments

Quarterly Focus Groups

Annual Review Process

Business Unit Assessments

o Legalo Corporate

Secretaryo Internal Audito Controllero Treasurero Investor

Relations/Risk

o Retail Energyo Utility

Operationso Generation

Planning & Procurement

o Strategic Planning, Performance Improvement, & IT

o Public Affairso HRo Environmentalo Health &

Safetyo Regulatory

Attorney Work Product

DRAFT

20

Quarterly Focus Groupso New and changing regulationso Compliance violationso Internal and external audits

Compliance Focus Groups (Areas of Particular Compliance Focus)

Financial Regulation

(SEC, IRS, NYSE & SOX)

Environmental Regulation

(EPA, ODEQ & ADEQ)

State & Local Utility 

Regulation

(OCC, APSC & Franchise 

Agreements)

Federal Utility Regulation

(FERC, NERC, DOE , ORCA & 

Stimulus Requirements)

Human Resources Regulation

(EEOC, HIPPA, FMLA & ERISA.)

Safety Regulation

(DOT, OSHA, & 

Workers Comp)

Consumer Protection Regulation

(FCRA & FTC)

Annual Review Process Each RM receives a report of pending Compliance

Events for the upcoming calendar year.

RM notes changes, additions, or deletions on the report.

RE and RM sign a certification form as evidence of their review.

The RE forwards each updated report to the Compliance Department.

21

Reporting to the Compliance Committee

Compliance Model

42Attorney Work Product

DRAFT

Compliance Committee

• Interaction between Key Executives with significant compliance responsibilities

• Facilitation of Regulatory Compliance in furtherance of the Company’s key result of 100% Compliance

• Identification and sharing of Compliance best practices  / opportunities for improvement

• Identification of all regulatory obligations and incorporation into the Compliance process. 

Governance

Assurance

Operations

22

Compliance Events Completed 

300 300 350 350

300 250 200 150

200 250 250150

400300 250

450

0

200

400

600

800

1000

1200

1400

2011 2012 2013 2014

Q4

Q3

Q2

Q1

Total =1100 Total =1050 Total = 1100Total =1200

Attorney Work Product

Escalation Notices

10

60

30

60

80

60

30 30 30

50

20 20

3

24

1220 23

30

12 12 9

33

136

0

10

20

30

40

50

60

70

80

90

100

Q1 ‐

12

Q2 ‐

12

Q3 ‐

12

Q4 ‐

12

Q1 ‐

13

Q2 ‐

13

Q3 ‐

13

Q4  ‐

13

Q1  ‐

14

Q2  ‐

14

Q3  ‐

14

Q4  ‐

14

# of Escalation Notices % of Escalation Notices

44

Note: Escalation Notices as a percentage of completed Compliance Events

23

Escalation Notice – Category Explanations

Escalation Category Category Explanation

Did not update CMTEvents that were completed prior to the Escalation Notice, but the CMT had not 

been updated to  reflect completion.

CMT changes needed

Events that were not completed prior to the Escalation Notice  because 

updates/changes to events in the CMT involving deadline dates, Responsible 

Member assignments, etc., were needed.

Internal / external 

process issue

Events that were not completed prior to the Escalation Notice due to internal or 

external information / processes

Due date issueEvents that were not completed prior to the Escalation Notice because these 

events cannot be completed until the due date; such as certain SEC filings, etc.

45Attorney Work Product

DRAFT

Escalation Notice Analysis

46Attorney Work Product

DRAFT

Did Not 

Update 

CMT, 5

CMT Changes 

Needed, 7

Internal Process 

Issue, 7

External 

Process Issue, 5

Due Date Issue, 

8

Did Not Update CMT

CMT Changes Needed

Internal Process Issue

External Process Issue

Due Date Issue

24

Escalation Notice Analysis by Business Unit

47Attorney Work Product

DRAFT

Business Unit

Did not update CMT

CMT changes needed

Internal Process Issue

External ProcessIssue

Due DateIssue

Utility Operations 3 2 5

Power Delivery 2

Utility Technical Support

5 5

Accounting 8

Corporate Secretary 2

Did Not 

Update 

CMT, 5

CMT 

Changes 

Needed, 

7

Internal 

Process 

Issue, 7

External 

Process 

Issue, 5

Due 

Date 

Issue, 8

Benefits

Changes in workforce

Accountability

Alerts

Recurring requirements

25

What’s the catch?

o Administration

o We don’t know what we don’t know

o Requirements without deadlines

o Single points of failure

Questions?