Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
1
Compliance Management Tool –
Tracking and Reporting Methods
OG&E Service Territory
2
OG&E Transmission System
• Interconnections – 63• Circuit Miles – 5,052 miles
OG&E Load and Generation
• 7057 MW Peak load (Aug 2011)• 7,386 MW Generation
o 840 MW Wind
3
Overview Developing and Implementing a consistent
Compliance Model
Fitting Compliance Requirements into the Model
Establishing Clear Accountability Guidelines
Documenting & Tracking Compliance
Compliance Reporting
6
Compliance Model
Compliance Policy
Compliance Committee
Compliance Monitoring
Compliance Assurance
Operational Compliance
Compliance Model
4
Compliance Model
7Attorney Work Product
DRAFT
Governance
Assurance
Operations
Compliance Model
Governance
Assurance
Operations
8Attorney Work Product
DRAFT
Internal Perspective• Tone at the Top / Executive Responsibility
• Compliance Documentation
• Audits / Assessments
• Performance Measurement
External Perspective• New and Changing Regulation Identification
• Regulatory Communication
• Audit Defense
5
Compliance Model
9Attorney Work Product
DRAFT
Assurance
•Reviews evidence of compliance completed by operations personnel
•Conducts internal compliance reviews / audits
•Maintains an audit‐ready condition for external audits
•Provides training and process support
Governance
Assurance
Operations
Compliance Model
10Attorney Work Product
DRAFT
Operations
•Understand compliance obligations in their area of responsibility
• Incorporate compliance into daily tasks
•Prepare evidence to document compliance
•Serve as Subject Matter Experts during external audits
Governance
Assurance
Operations
6
Compliance Monitoring Program
Designed to help the company identify all of its obligations, assign responsibility for completion, track progress, and document completion in an effort to ensure adherence to various legal and regulatory requirements.
Compliance Management Tool (CMT)
• An electronic tool designed to facilitate the Compliance Monitoring Program.
• A systematic inventory of all significant regulatory deadlines and obligations
7
Compliance Event
• An objective that must be met by the Company in order for the Company to remain in compliance with or adhere to regulatory deadlines.
• Compliance Events include:o Documentation that the Company must prepare
to show compliance with a regulatory requirement
o Tasks that a regulatory body requires the Company to complete
Compliance EventsExamples of Compliance Events include :
1. NERC Reliability Requirements.2. Regulatory filings (FERC, Oklahoma, Arkansas, etc.)3. Insurance renewals4. SEC filings5. Tax filings, property tax payments, and amended
federal and state income tax returns6. Board of Director’s reports7. Environmental requirements8. Debt compliance filings9. Franchise agreement renewals
8
What information is collected?See
Handout
Event Description
• Should be written so that individuals unfamiliar with the particular event can understand the significance of the event and what needs to be done to ensure compliance.
• Sufficient detail, including applicable statute, rule, etc., to explain why the event is critical to the effectiveness of the CMT.
9
Event Name• Family is the highest level of association for
Compliance Events, usually a Regulatory body. An example of a Compliance Event Family is “FERC”.
• Category - This is usually an Business Unit or Department name, but can be an area within a department. An example of a Compliance Event Category is “Risk”.
• Group - This is usually the classification in which the report falls or the actual name of a report. An example of a Compliance Event Group is “Standards of Conduct”.
Compliance Deadline
Every event must have a deadline date.
Deadline date categorieso Specific date defined by the regulator (Annual Self-
Certification)o Recurring/Periodic (annual training)
• Recurring Compliance Events are automatically scheduled for future compliance periods
10
Internal Due Date vs. Deadline Date
• Internal Due Date: Date by which the Compliance Event should be completed in advance of the Deadline Date.
• Deadline Date: The date that the compliance event deadline is actually due per the regulation. It is critical that this date be accurate.
Noncompliance RiskIncludes Probability and Impact of both Reputation and Financial/Monetary Impact
o High o Medium o Low
Event DurationTime required to complete the event
o Short - less than one week o Medium - less than one montho Long - more than one month
Risk and Timing
11
Compliance Roles• Responsible Executive (RE): ensure all events that reside
in their department are submitted and updated.• Responsible Member (RM): verify and approve that an
event is complete and that proper evidence associated with the event is attached in the CMT.
• Accountable Member (AM): upload evidence associated with an event into the CMT and mark the event complete. AMs do not approve an event.
• Compliance Coordinator (CC): work with the RMs and AMs to ensure that the evidence provided to show compliance is adequate.
Responsibility Structure
REResponsible Executive
RMResponsible Member
AM
Accountable
Member
AM
Accountable
Member
AM
Accountable
Member
CC
Compliance
Coordinator
12
Compliance Roles ‐ Example
• PER-005 R1 – Systematic approach to training• RE is the VP Utility Technical Support• RM is the Sr. Manager of Transmission Operations• AM is the Transmission Ops Coordinator• Compliance Coordinators are Utility Operations
Compliance Analysts
Compliance Model
24Attorney Work Product
DRAFT
Assurance
•Reviews evidence of compliance completed by operations personnel
•Conducts internal compliance reviews / audits
•Maintains an audit‐ready condition for external audits
•Provides training and process support
Governance
Assurance
Operations
13
Compliance Model ‐Assurance Examples
25Attorney Work Product
DRAFT
Utility Operations Compliance
Power Supply
Power Delivery
Information Technology
HR
NERC
Governance
Assurance
Operations
Assurance Examples
26Attorney Work Product
DRAFT
Corp Environmental
Power Supply Power Delivery Facilities
EPA
Governance
Assurance
Operations
14
Assurance Examples
27Attorney Work Product
DRAFT
Employee Relations / Compliance
HR Recruiting HR Operations
EEOC
Governance
Assurance
Operations
Assurance Examples
28Attorney Work Product
DRAFT
Controller
AccountingSEC
Reporting
Internal Audit
IRS / SEC
Governance
Assurance
Operations
15
Access & Event Modifications
• REs, RMs AMs, and CCs are not able to add, modify, or delete events, roles, or deadlines directly in the CMT.
• Changes must be submitted to the Compliance Department with the applicable approvals.
• RE approval is required for significant changes to events, including:
• CE deadlines, • RE & RM changes • Deletion of a Compliance event
Alerts
Key component of the CMT
• An IT workflow runs each evening and automatically sends alerts via e-mail to the applicable REs, RMs, and AMs based on:
• Time remaining to comply with the deadline• Completion status of the event• Event Duration
16
Compliance Alert & Escalation Matrix
CE Duration Alert Escalation
Short 7 days out if 0% complete 1 day out if not 100% Complete
5 days out if 25% complete
3 days out if 50% complete
1 day out if 75% complete
Medium 21 days out if 0% complete 3 days out if not 100% complete
14 days out if 25% complete
7 days out if 50% complete
5 days out if 75% complete
Long 45 days out if 0% complete 5 days out and not 100% complete
30 days out if 25% complete
15 days out if 50% complete
7 days out if 75% complete
Types of CMT Alerts
• Internal Due Date
• Alert - Potential Non-Compliance
• 100% Complete & NOT Approved
• Escalation Notice
• Past Due
17
• Escalation Notice - Final QuartileThe Compliance Event listed below with a deadline of 1/15/2015 12:00:00 AM is nearing its due date and its status shows it is less than 100% complete. Please address this issue immediately and contact the compliance office to discuss the resolution of this situation. If the system is in error, please provide that information to the compliance office as well.
Responsible Member is: Member Name displays here
CE Descriptor: Brief Description of event displays here
Event Name – linked to CMT
Notice: This message contains confidential information and links to confidential information. It is intended for the designated addressees only. Do not disseminate, distribute, or copy this email. If you received this email by mistake, please notify the sender immediately and delete this email from your system.
Evidence of Compliance• Each compliance event requires evidence be
uploaded into the CMT and retained for audit purposes.
• An event is not 100% complete until evidence has been attached for that event documenting compliance.
• Examples of evidence:o The report that was filed with the regulatory agencyo A screenshot of the current status of an itemo Affidavit/attestation indicating that some action has been
taken or a predicating event has not occurred during the compliance period.
18
Resources Available
CMP
CMT Training Manual
Compliance Events –Initial Identification
• Meetings with Business Unit Management
• Involve the employees who are doing the work (Subject Matter Experts)
• Get specific
19
Continuous Monitoring
Annual Business Unit Assessments
Quarterly Focus Groups
Annual Review Process
Business Unit Assessments
o Legalo Corporate
Secretaryo Internal Audito Controllero Treasurero Investor
Relations/Risk
o Retail Energyo Utility
Operationso Generation
Planning & Procurement
o Strategic Planning, Performance Improvement, & IT
o Public Affairso HRo Environmentalo Health &
Safetyo Regulatory
Attorney Work Product
DRAFT
20
Quarterly Focus Groupso New and changing regulationso Compliance violationso Internal and external audits
Compliance Focus Groups (Areas of Particular Compliance Focus)
Financial Regulation
(SEC, IRS, NYSE & SOX)
Environmental Regulation
(EPA, ODEQ & ADEQ)
State & Local Utility
Regulation
(OCC, APSC & Franchise
Agreements)
Federal Utility Regulation
(FERC, NERC, DOE , ORCA &
Stimulus Requirements)
Human Resources Regulation
(EEOC, HIPPA, FMLA & ERISA.)
Safety Regulation
(DOT, OSHA, &
Workers Comp)
Consumer Protection Regulation
(FCRA & FTC)
Annual Review Process Each RM receives a report of pending Compliance
Events for the upcoming calendar year.
RM notes changes, additions, or deletions on the report.
RE and RM sign a certification form as evidence of their review.
The RE forwards each updated report to the Compliance Department.
21
Reporting to the Compliance Committee
Compliance Model
42Attorney Work Product
DRAFT
Compliance Committee
• Interaction between Key Executives with significant compliance responsibilities
• Facilitation of Regulatory Compliance in furtherance of the Company’s key result of 100% Compliance
• Identification and sharing of Compliance best practices / opportunities for improvement
• Identification of all regulatory obligations and incorporation into the Compliance process.
Governance
Assurance
Operations
22
Compliance Events Completed
300 300 350 350
300 250 200 150
200 250 250150
400300 250
450
0
200
400
600
800
1000
1200
1400
2011 2012 2013 2014
Q4
Q3
Q2
Q1
Total =1100 Total =1050 Total = 1100Total =1200
Attorney Work Product
Escalation Notices
10
60
30
60
80
60
30 30 30
50
20 20
3
24
1220 23
30
12 12 9
33
136
0
10
20
30
40
50
60
70
80
90
100
Q1 ‐
12
Q2 ‐
12
Q3 ‐
12
Q4 ‐
12
Q1 ‐
13
Q2 ‐
13
Q3 ‐
13
Q4 ‐
13
Q1 ‐
14
Q2 ‐
14
Q3 ‐
14
Q4 ‐
14
# of Escalation Notices % of Escalation Notices
44
Note: Escalation Notices as a percentage of completed Compliance Events
23
Escalation Notice – Category Explanations
Escalation Category Category Explanation
Did not update CMTEvents that were completed prior to the Escalation Notice, but the CMT had not
been updated to reflect completion.
CMT changes needed
Events that were not completed prior to the Escalation Notice because
updates/changes to events in the CMT involving deadline dates, Responsible
Member assignments, etc., were needed.
Internal / external
process issue
Events that were not completed prior to the Escalation Notice due to internal or
external information / processes
Due date issueEvents that were not completed prior to the Escalation Notice because these
events cannot be completed until the due date; such as certain SEC filings, etc.
45Attorney Work Product
DRAFT
Escalation Notice Analysis
46Attorney Work Product
DRAFT
Did Not
Update
CMT, 5
CMT Changes
Needed, 7
Internal Process
Issue, 7
External
Process Issue, 5
Due Date Issue,
8
Did Not Update CMT
CMT Changes Needed
Internal Process Issue
External Process Issue
Due Date Issue
24
Escalation Notice Analysis by Business Unit
47Attorney Work Product
DRAFT
Business Unit
Did not update CMT
CMT changes needed
Internal Process Issue
External ProcessIssue
Due DateIssue
Utility Operations 3 2 5
Power Delivery 2
Utility Technical Support
5 5
Accounting 8
Corporate Secretary 2
Did Not
Update
CMT, 5
CMT
Changes
Needed,
7
Internal
Process
Issue, 7
External
Process
Issue, 5
Due
Date
Issue, 8
Benefits
Changes in workforce
Accountability
Alerts
Recurring requirements
25
What’s the catch?
o Administration
o We don’t know what we don’t know
o Requirements without deadlines
o Single points of failure
Questions?