1 / 12

Audit & Compliance Tips

Audit & Compliance Tips. Jagan Mandavilli Senior Compliance Engineer. Lessons Learned. Sabotage Reporting (CIP-001-2a) Contractor produces procedure Ensure operating personnel are aware of procedures and maintain documentation of awareness Training records Emails

yana
Download Presentation

Audit & Compliance Tips

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Audit & ComplianceTips Jagan Mandavilli Senior Compliance Engineer

  2. Lessons Learned • Sabotage Reporting (CIP-001-2a) • Contractor produces procedure • Ensure operating personnel are aware of procedures and maintain documentation of awareness • Training records • Emails • Entities do not need to “establish communications contacts” with the FBI • Entity should include a valid local FBI number in contact list, based on NERC guidance • Auditors verify the FBI contact number NSRS January 9, 2013

  3. Lessons Learned • Protection Systems (PRC-005-1.1b) • An entity is responsible for demonstrating compliance for any portion of a protection system it owns. • If your entity has a Coordinated Functional Registration (CFR) or Joint Registration Organization (JRO), let Texas RE know. • Automatic Voltage Regulator (AVR) equipment is included in Generation Control, not the Generation Protection System. Therefore, no need to self-report under PRC-005 if the equipment was not included in maintenance and testing of the Generation Protection System. NSRS January 9, 2013

  4. Lessons Learned NSRS January 9, 2013

  5. Lessons Learned • Protection Systems (PRC-005-1.1b) • Entity provides a listing of the sources for each basis • Provide actual source documents such as: • Manufacturer’s maintenance procedures (O&M Manuals) • IEEE references (and associated calculations) • NERC Protection System Maintenance (Technical Reference) • Other authoritative documentation (studies based on history) NSRS January 9, 2013

  6. Lessons Learned • Generating real and reactive capability verification (TOP-002-2a, R13) • Net leading and lagging reactive capability testing is performed every 2 years. • The entity completes the ERCOT Operating Guides Section 8, Attachment D, Seasonal Unit Net Real Power Capability Verification Form, and submits its to the Qualified Scheduling Entity (QSE) to be uploaded into ERCOT’s Net Dependable Capability and Reactive Capability (NDCRC) in the Market Information System (MIS). • Auditors have accepted this form as evidence of performing the test. • Data fields for including weather, water conditions, fuel quality, or fuel quantity are not provided on the form. NSRS January 9, 2013

  7. Lessons Learned • Differences in Derived Limits (IRO-005-3a, R10) • Operate the Bulk Electric System to the most limiting parameter. • Evidence could include following a directive from ERCOT or a Local Transmission Operator (TOP) where there was an instance of differences in derived limits. NSRS January 9, 2013

  8. Lessons Learned • Registered Entity Responsibility • is responsible for all the functions (CIP and 693) performed by contractors or agents • is responsible for providing all evidence including procedures and records of work performed by contractors or agents QSE = Contractor or Agent • Facility Ratings • Generally, this should include all equipment up to the point of interconnection • Interconnection agreement • Diagrams NSRS January 9, 2013

  9. Audit Update • 2013 Audit Schedule Posted • COMPLIANCE>Compliance Audit>Audit Schedule • http://www.texasre.org/compliance/audit/schedule/Pages/Default.aspx • Audit Scope • Actively Monitored List • Tier 1 • Tier 2 • Tier 3 NSRS January 9, 2013

  10. Audit Update • Year 2013 • If previously audited or spot checked in most cases, current in-force document is adequate • Previous audit or spot checked is the book-end • New Revisions to existing standards • Only need to provide evidence for the current enforceable standard. • Auditors will use their judgment on whether to look at evidence of previous versions. NSRS January 9, 2013

  11. FTP Site • Texas RE has established its FTP site to provide a secure method of exchanging large amounts information between registered entities and Texas RE. • Primary use: • Request for Information (RFI) • Event Analysis • Compliance Investigations • Audits • Spot checks • The FTP site uses SSL (Secure Sockets Layer) that allows upload and download of information through an encrypted session. NSRS January 9, 2013

  12. Contact Information Jeff.Whitmer@texasre.org (512) 583-4944 You may also submit questions to information@texasre.org. NSRS January 9, 2013

More Related