Procedures and Forms
2008 FRCC Compliance Workshop
April 8-9, 2008
2
The Eight (8) Compliance Monitoring Processes
• Process to collect information in order to make assessments of compliance:
1. Compliance Audits
2. Self-Certification
3. Spot Checking
4. Self-Reporting
5. Exception Reporting
6. Complaint
7. Compliance Violation Investigations
8. Periodic Data Submittals
3
Compliance Audits
• A systematic, objective review and examination of records and activities to determine whether a Registered Entity meets the requirements of applicable Reliability Standards.
• On-site• Off-site
4
Compliance Audit Process (Regularly Scheduled or Random)
FE
RC
NE
RC
Aud
itor(
s)R
egis
tere
d E
ntity
FR
CC
Notice and Schedule Audit
Review Documents
Review Findings with Entity
Complete Audit Package
Write Audit Report
AllegedViolation
Yes
Assemble Team/Send Audit Package to
Registered Entity
See NERC Compliance
Monitoring and Enforcement
Program *
Issue Final Report
Report
Conduct Onsite Audit
Notice and Schedule
Notice and Schedule
* Processes merge at Step 3 (Violation Level and Sanction Determination) in the Compliance Monitoring & Enforcement Program Process Diagram located in the Compliance Enforcement Authority Functional Band
No
Registered Entity Reviews and
Comments on the Report
Report
Review and Evaluate Audit
Report
Notice and Schedule
Audit Team Reviews Entity
Comments
5
Compliance Audits
• The compliance audit scope will include all Reliability Standards applicable to the Registered Entity monitored in the NERC/FRCC Implementation Plans.
• The scope may also include other Reliability Standards and FRCC Regional Reliability Standards that have been approved by FERC.
6
Compliance Audits
• If the data retention requirements of a Reliability Standard does not cover the full period of the compliance audit, the audit will only be applicable to the data retention period specified in the Reliability Standard.
• Audit team members are required to sign and return FRCC Non-Disclosure Agreements.
7
Compliance Audits
• FRCC compliance staff notifies the registered entity of the audit, identifies the audit team members, and sends Pre-Audit Questionnaire and request for data.
• The registered entity completes and returns Pre-audit Questionnaire and requested documentation to the FRCC by the required data.
8
Compliance Audits
• FRCC compliance staff distributes completed Pre-Audit Questionnaire and documentation to the audit team for review.
• Compliance audit is conducted.
• Audit team drafts report, sends to registered entity for review, submits final audit report to FRCC compliance staff.
9
Compliance Audits
• FRCC compliance staff determines alleged violations.
• FRCC compliance committee reviews FRCC compliance staff determination.
• FRCC compliance staff determines applicable penalties and sanctions and sends notice of violation and penalty and/or sanctions to registered entity.
10
Self-Certification
• Attestation by a Registered Entity of compliance or non-compliance with Reliability Standards for which Self-Certification is required by the FRCC and that are included for monitoring in the FRCC Implementation Plan.
11
Self-Certification
• FRCC requires all registered entities to self-certify annually.
• FRCC sends the self-certification forms to the registered entities generally in the first week in November.
• FRCC compliance staff reviews the information provided by the registered entity to determine compliance with the reliability standards and may request additional data and /or information, if necessary.
12
Self-Certification
• FRCC compliance staff will provide a summary report of the self-certification results to the FRCC compliance committee for review.
13
Self Certification ProcessR
eg
iste
red
En
tity
FR
CC
Provide Forms And Instructions
Complete Self Certification Forms
And Instructions
Information Complete
Review Returned Forms and data
(if data was requested)
File Forms In Accordance With
Document Retention Policy
Yes
Request Clarification
No
Alleged Violation
Yes
Process Complete
No
ClarifyIncomplete Submittals
See NERC Compliance
Monitoring and Enforcement
Program *
* Processes merge at Step 3 (Violation Level and Sanction Determination) in the Compliance Monitoring & Enforcement Program Process Diagram located in the Compliance Enforcement Authority Functional Band
14
Spot Checking
• A process in which the FRCC requests a Registered Entity to provide information to support the Registered Entity’s Self-Certification, Self-Reporting, or Periodic Data Submittal and to assess whether the Registered Entity complies with Reliability Standards. Spot Checking may also be random or initiated in response to events, as described in the Reliability Standards, or by operating problems or system events. Spot Checking may require an on-site review to complete.
15
Spot Checking
• Spot checks may be initiated at any time to verify or confirm compliance status.
• FRCC compliance staff sends notice of Spot Check and data request to the registered entity.
• Registered entity returns requested documentation to the FRCC compliance staff.
16
Spot Checking
• FRCC compliance staff selects the Spot Check review team members and schedules the review. Spot Check reviews are normally conducted at the FRCC office.
• The Spot Check review team will provide a report of findings to the FRCC compliance staff.
• Registered entities will have opportunity to review draft report to correct any errors.
17
Spot Checking
• FRCC compliance committee reviews FRCC compliance staff determination.
• Same process for final determination of alleged violation and applicable penalty and/or sanction.
18
Spot Checking ProcessA
ud
ito
r(s)
Re
gis
tere
d
En
tity
FR
CC
Inform Registered Entity of Spot
Check & Request Information
Conduct Review
Provide Information
YesAllegedViolation
See NERC Compliance
Monitoring and Enforcement
Program *
Write inital report
Approve and File Report and Send
Copies
Initial Report
Review Initial Report
No
Registered Entity Reviews and
Comments on the Report
End Process and Notifications
* Processes merge at Step 3 (Violation Level and Sanction Determination) in the Compliance Monitoring & Enforcement Program Process Diagram located in the Compliance Enforcement Authority Functional Band
19
Compliance Violation Investigations
• A comprehensive investigation, which may include an on-site visit with interviews of the appropriate personnel, to determine if a violation of a Reliability Standard has occurred.
20
Compliance Violation Investigations
• Can be initiated at any time in response to a disturbance, complaint, or notification of possible violation.
• FRCC compliance staff selects the investigation review team members.
• FRCC compliance staff will notify the registered entity and NERC within 2 business days of the decision to conduct a Compliance Violation Investigation.
21
Compliance Violation Investigations
• FRCC will provide at least 20 calendar days notice for data request.
• The investigation review team members will review preliminary information or data and determine if additional data or on-site inspections are needed.
• On-site inspection is scheduled, if needed.
22
Compliance Violation Investigations
• Registered entity returns requested data in the required format to the FRCC compliance staff.
• Investigation review team identifies a finding of compliance or non-compliance.
• Investigation review team provides a report of the findings to the FRCC compliance staff.
23
Compliance Violation Investigations
• FRCC compliance staff will provide the determination of alleged violation to the FRCC compliance committee.
• Same process for final determination of alleged violation and applicable penalty and/or sanction.
24
Investigation ProcessN
ER
CFE
RC
FRC
CR
egis
tere
d E
ntity
Investigation Triggered
Notifications Parties
Contact Registered Entity
andRequest Data
Provide Data to
Regional Entity
Conduct Investigation and Develop Report
Alleged Violation
Yes
No
Governmental AuthoritiesNotification
Governmental AuthoritiesNotification
ERO NotificationERO Notification
Investigation Triggered
Investigation Triggered
Investigation Triggered
See NERC Compliance
and Enforcement
Program *
* Processes merge at Step 3 (Violation Level & Sanction Determination) box in the Compliance Monitoring & Enforcement Program Process Diagram located in the Compliance Enforcement Authority Functional Band
Report
Report
ReportNotification
25
Self-Reporting
• A report by a Registered Entity of a violation of a Reliability Standard, based on its own assessment, in order to provide prompt reports of any Reliability Standard violation and the actions that were taken or will be taken to resolve the violation.
26
Self-Reporting
• Self-reporting is encouraged any time a registered entity becomes aware:– Of their violation of a reliability standard, or– A change in the violation severity level of a
previously reported violation.
• Self reporting may be considered as a mitigating factor during the determination of a penalty and/or sanction.
27
Self-Reporting
The process steps of self-reporting are as follows:
• Download the Self-reporting submittal form from the FRCC website at: http://ww.frcc.com/
• Fill out the Self-reporting information and forward the applicable mitigation plan to the FRCC Compliance Manager at: [email protected]
• The FRCC compliance staff will review the information to determine compliance and may request the registered entity to provide clarification or additional data and/or information.
28
Self-Reporting
• The FRCC compliance staff completes the assessment of the registered entity.
• Same process for final determination of alleged violation and applicable penalty and/or sanction.
29
Self Reporting
NE
RC
FR
CC
Reg
iste
red
Ent
ity
Make Self -Reporting Forms
Available
Complete Forms and Submit to Compliance Enforcement
Authority
Review Forms and Determine If a
Violation Occurred
Alleged Violation
Yes
See NERC Compliance Monitoriong Enforcement
Program *
End Process and Notifications
No
* Processes merge at Step 3 (Violation Level and Sanction Determination) in the Compliance Monitoring & Enforcement Program Process Diagram located in the Compliance Enforcement Authority Functional Band
30
Periodic Data Submittals
• Modeling, studies, analyses, documents, procedures, methodologies, operating data, process information or other information to demonstrate compliance with Reliability Standards and provided by Registered Entities to the FRCC on a time frame required by a Reliability Standard or an ad hoc basis.
31
Periodic Data Submittals
• In 2008, the FRCC requires monthly reporting for the following standards;
BAL-001-0 BAL-002-0 BAL-006-1
EOP-002-2 FAC-003-1 INT-001-2
IRO-004-1 IRO-006-3 PER-003-0
PER-004-1 PRC-004-1 PRC-016-0
TOP-005-1 TOP-007-0
• Reporting forms are located on the FRCC compliance website at: http://ww.frcc.com/
32
Periodic Data Submittals
• Reports are due to the FRCC by the 10th of each month. Submit to [email protected]
• Each report will be for the calendar month preceding the 10th of the month that it is submitted.
• Not applicable, fully compliant, or a violation severity level (level of non-compliance) must be indicated for each standard and requirement.
33
Periodic Data Submittals
• For reliability standard FAC-003-1, requirement 3 requires reporting of vegetation caused outages.– If during the reporting period you had an
actual reportable vegetation caused outage, compete the Vegetation Management Report and outage details.
• For ALL reports of non-compliance, a mitigation plan is required. Please submit the mitigation plan to FRCC along with the monthly report.
34
Data Submittal
Re
gis
tere
d E
ntity
FR
CC
Obtain and Review Data
Alleged Violation
Yes
Process Complete
No
Makes Forms Available
Download Forms and Load Data
See NERC Compliance
Monitoring and Enforcement
Program *
* Processes merge at Step 3 (Violation Level and Sanction Determination) in the Compliance Monitoring & Enforcement Program Process Diagram located in the Compliance Enforcement Authority Functional Band
35
Exception Reporting
• Information provided to the FRCC by a Registered Entity indicating that a violation of a Reliability Standard has occurred (e.g., a system operating limit has been exceeded). Some Reliability Standards require Exception Reporting.
36
Exception Reporting
• Some reliability standards require reporting of exceptions to compliance with the reliability standard as a form of compliance monitoring.
• FRCC requires registered entities to provide reports identifying any exceptions to the extent required by any reliability standard.
• FRCC requires registered entities to confirm the number of exceptions that have occurred in a given time period identified by NERC, even if the number of exceptions is zero.
37
Complaints
• An allegation that a Registered Entity violated a Reliability Standard.
38
Complaints
Either NERC or FRCC may receive complaints alleging violations of a reliability standard.– FRCC will conduct a review of each complaint it receives to
determine if the complaint provides sufficient basis for a compliance violation investigation.
– NERC will conduct a review of each complaint• That is related to FRCC.• Where the FRCC determines it cannot conduct the review.• If the complainant wished to remain anonymous.• If the complainant specifically requests NERC to conduct a
review of a complaint.
39
Complaints
• The complainant notifies NERC or the FRCC by using the NERC hotline, submitting a NERC complaint reporting form, or by other means.– A link to the complaint form is posted on the NERC
and FRCC websites.• The complainant should include sufficient information to
enable NERC or the FRCC to make an assessment of whether the initiation of a compliance violation investigation is warranted.– NERC or FRCC may not act on a complaint if the complaint is
incomplete and does not include sufficient information.
40
Complaint Process
Reg
iste
red
Ent
ityN
ER
CF
RC
C
No
Inve
stig
atin
g E
ntity
(F
RC
C o
r N
ER
C)
Com
plai
nant
Make Complaint Forms Available
Complete Forms and Submit to
Regional Entity or ERO
Initial ReviewComplaint
Merited
Notification
No
Alleged Violation
Investigation and Report
Yes
Notification
Statement to Complainant
Notification
Notification Notification
Notification
Notification
No
See NERC Compliance
Monitoring and Enforcement
Program*
* Processes merge at Step 3 (Violation Level and Sanction Determination) in the Compliance Monitoring & Enforcement Program Process Diagram located in the Compliance Enforcement Authority Functional Band
Yes
Notification
+ Anonymous complainant identities will be withheld
41
NERC Compliance Monitoring and Enforcement Program Overview
Reg
iste
red
Ent
ityF
ER
CN
ER
CF
RC
CData Submission
Complete
More Data
Needed
yes
Accepts
Rejects
Violation
Accepts
Rejects
Notice to Governmental
Authorities
Step 1 - Sources of Violations:
Compliance Audits, Self Certifications,
Spot Checks, Event Investigations, Self
Reporting, or Periodic Data
Submittal
Registered Entity Accepts or Rejects Hearing Outcome
Notice of Penalty
Review of Violation and
Sanction Determination by Registered Entity
ERO Appeal Process
Registered Entity Accepts
or Rejects Findings
*Settlement
Settlement negotiations may occur at any time until a Notice of Penalty is filed with FERC
Notice of Penalty
Sanction Imposed
Notice of Alleged Violation and
Sanction
See Complaint Process
Complete?
Notice of Alleged Violation
Notice of Penalty
Resolution: Agreement or Settlement*
Complaints
Step 2 - Staff Review & Determination of Alleged Violation
End Process and Notifications
No
Remedial Action
Process
Step 3 Violation Level and Sanction
Determination
Initial Notice of Alleged Violation
Yes
Violation
Hearing
No Violation
No Violation
Mitigation Plan Process
Accepts
42
?
Questions